Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
roundcube webmail - vulnerabilities and exploits
(subscribe to this query)
5.4
CVSSv3
CVE-2020-18670
Cross Site Scripting (XSS) vulneraibility in Roundcube mail .4.4 via database host and user in /installer/test.php.
Roundcube Webmail 1.4.4
5.4
CVSSv3
CVE-2020-18671
Cross Site Scripting (XSS) vulnerability in Roundcube Mail <=1.4.4 via smtp config in /installer/test.php.
Roundcube Webmail
5.4
CVSSv3
CVE-2021-26925
Roundcube prior to 1.4.11 allows XSS via crafted Cascading Style Sheets (CSS) token sequences during HTML email rendering.
Roundcube Webmail
Fedoraproject Fedora 32
Fedoraproject Fedora 33
6.1
CVSSv3
CVE-2020-35730
An XSS issue exists in Roundcube Webmail prior to 1.2.13, 1.3.x prior to 1.3.16, and 1.4.x prior to 1.4.10. The attacker can send a plain text e-mail message, with JavaScript in a link reference element that is mishandled by linkref_addindex in rcube_string_replacer.php.
Roundcube Webmail
Fedoraproject Fedora 32
Fedoraproject Fedora 33
Debian Debian Linux 9.0
1 Github repository
2 Articles
6.1
CVSSv3
CVE-2020-16145
Roundcube Webmail prior to 1.3.15 and 1.4.8 allows stored XSS in HTML messages during message display via a crafted SVG document. This issue has been fixed in 1.4.8 and 1.3.15.
Roundcube Webmail
Fedoraproject Fedora 31
Fedoraproject Fedora 32
6.1
CVSSv3
CVE-2020-15562
An issue exists in Roundcube Webmail prior to 1.2.11, 1.3.x prior to 1.3.14, and 1.4.x prior to 1.4.7. It allows XSS via a crafted HTML e-mail message, as demonstrated by a JavaScript payload in the xmlns (aka XML namespace) attribute of a HEAD element when an SVG element exists.
Roundcube Webmail
Debian Debian Linux 10.0
6.1
CVSSv3
CVE-2020-13964
An issue exists in Roundcube Webmail prior to 1.3.12 and 1.4.x prior to 1.4.5. include/rcmail_output_html.php allows XSS via the username template object.
Roundcube Webmail
Fedoraproject Fedora 31
Fedoraproject Fedora 32
Debian Debian Linux 9.0
Debian Debian Linux 10.0
6.1
CVSSv3
CVE-2020-13965
An issue exists in Roundcube Webmail prior to 1.3.12 and 1.4.x prior to 1.4.5. There is XSS via a malicious XML attachment because text/xml is among the allowed types for a preview.
Roundcube Webmail
Debian Debian Linux 9.0
Debian Debian Linux 10.0
Fedoraproject Fedora 31
Fedoraproject Fedora 32
1 Github repository
9.8
CVSSv3
CVE-2020-12641
rcube_image.php in Roundcube Webmail prior to 1.4.4 allows malicious users to execute arbitrary code via shell metacharacters in a configuration setting for im_convert_path or im_identify_path.
Roundcube Webmail
Opensuse Leap 15.1
Opensuse Backports Sle 15.0
Opensuse Leap 15.2
2 Github repositories
1 Article
9.8
CVSSv3
CVE-2020-12640
Roundcube Webmail prior to 1.4.4 allows malicious users to include local files and execute code via directory traversal in a plugin name to rcube_plugin_api.php.
Roundcube Webmail
Opensuse Leap 15.1
Opensuse Backports Sle 15.0
Opensuse Leap 15.2
1 Github repository
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-6267
XML injection
CVE-2024-37673
CVE-2024-6266
CVE-2024-30078
arbitrary
CVE-2024-36886
CVE-2024-5346
template injection
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »