Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
roundcube webmail vulnerabilities and exploits
(subscribe to this query)
5.4
CVSSv3
CVE-2020-18670
Cross Site Scripting (XSS) vulneraibility in Roundcube mail .4.4 via database host and user in /installer/test.php.
Roundcube Webmail 1.4.4
5.4
CVSSv3
CVE-2021-26925
Roundcube prior to 1.4.11 allows XSS via crafted Cascading Style Sheets (CSS) token sequences during HTML email rendering.
Roundcube Webmail
Fedoraproject Fedora 32
Fedoraproject Fedora 33
4.3
CVSSv3
CVE-2019-12938
The Roundcube component of Analogic Poste.io 2.1.6 uses .htaccess to protect the logs/ folder, which is effective with the Apache HTTP Server but is ineffective with nginx. Attackers can read logs via the webmail/logs/sendmail URI.
Analogic Poste.io 2.1.6
4.3
CVSSv3
CVE-2019-10740
In Roundcube Webmail prior to 1.3.10, an attacker in possession of S/MIME or PGP encrypted emails can wrap them as sub-parts within a crafted multipart email. The encrypted part(s) can further be hidden using HTML/CSS or ASCII newline characters. This modified multipart email can...
Roundcube Webmail
Fedoraproject Fedora 29
Opensuse Leap 15.1
Opensuse Backports Sle 15.0
Opensuse Leap 15.2
NA
CVE-2024-37384
Roundcube Webmail prior to 1.5.7 and 1.6.x prior to 1.6.7 allows XSS via list columns from user preferences.
NA
CVE-2024-37383
Roundcube Webmail prior to 1.5.7 and 1.6.x prior to 1.6.7 allows XSS via SVG animate attributes.
NA
CVE-2024-37385
Roundcube Webmail prior to 1.5.7 and 1.6.x prior to 1.6.7 on Windows allows command injection via im_convert_path and im_identify_path. NOTE: this issue exists because of an incomplete fix for CVE-2020-12641.
NA
CVE-2015-8105
Cross-site scripting (XSS) vulnerability in program/js/app.js in Roundcube webmail prior to 1.0.7 and 1.1.x prior to 1.1.3 allows remote authenticated users to inject arbitrary web script or HTML via the file name in a drag-n-drop file upload.
Opensuse Opensuse 13.1
Opensuse Opensuse 13.2
Roundcube Webmail
Roundcube Webmail 1.1.0
Roundcube Webmail 1.1.2
Roundcube Webmail 1.1.1
NA
CVE-2015-1433
program/lib/Roundcube/rcube_washtml.php in Roundcube prior to 1.0.5 does not properly quote strings, which allows remote malicious users to conduct cross-site scripting (XSS) attacks via the style attribute in an email.
Roundcube Webmail
Fedoraproject Fedora 21
NA
CVE-2014-9587
Multiple cross-site request forgery (CSRF) vulnerabilities in Roundcube Webmail prior to 1.0.4 allow remote malicious users to hijack the authentication of unspecified victims via unknown vectors, related to (1) address book operations or the (2) ACL or (3) Managesieve plugins.
Roundcube Webmail
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-23692
CVE-2012-1823
memory leak
CVE-2024-0627
CVE-2024-31402
privilege escalation
CVE-2024-36418
remote code execution
CVE-2024-27844
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
NEXT »