Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
roundcube roundcube vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2015-8105
Cross-site scripting (XSS) vulnerability in program/js/app.js in Roundcube webmail prior to 1.0.7 and 1.1.x prior to 1.1.3 allows remote authenticated users to inject arbitrary web script or HTML via the file name in a drag-n-drop file upload.
Opensuse Opensuse 13.2
Opensuse Opensuse 13.1
Roundcube Webmail
Roundcube Webmail 1.1.0
Roundcube Webmail 1.1.1
Roundcube Webmail 1.1.2
NA
CVE-2015-1433
program/lib/Roundcube/rcube_washtml.php in Roundcube prior to 1.0.5 does not properly quote strings, which allows remote malicious users to conduct cross-site scripting (XSS) attacks via the style attribute in an email.
Roundcube Webmail
Fedoraproject Fedora 21
NA
CVE-2014-9587
Multiple cross-site request forgery (CSRF) vulnerabilities in Roundcube Webmail prior to 1.0.4 allow remote malicious users to hijack the authentication of unspecified victims via unknown vectors, related to (1) address book operations or the (2) ACL or (3) Managesieve plugins.
Roundcube Webmail
NA
CVE-2013-1904
Absolute path traversal vulnerability in steps/mail/sendmail.inc in Roundcube Webmail prior to 0.7.3 and 0.8.x prior to 0.8.6 allows remote malicious users to read arbitrary files via a full pathname in the _value parameter for the generic_message_footer setting in a save-perf ac...
Roundcube Webmail 0.8.2
Roundcube Webmail 0.8.1
Roundcube Webmail 0.8.0
Roundcube Webmail
Roundcube Webmail 0.4
Roundcube Webmail 0.3.1
Roundcube Webmail 0.3
Roundcube Webmail 0.1
Roundcube Webmail 0.5.2
Roundcube Webmail 0.5.1
Roundcube Webmail 0.5
Roundcube Webmail 0.2
Roundcube Webmail 0.1.1
Roundcube Webmail 0.8.5
Roundcube Webmail 0.8.3
Roundcube Webmail 0.7.1
Roundcube Webmail 0.6
Roundcube Webmail 0.5.3
Roundcube Webmail 0.4.1
Roundcube Webmail 0.2.1
Roundcube Webmail 0.8.4
Roundcube Webmail 0.7
NA
CVE-2013-6172
steps/utils/save_pref.inc in Roundcube webmail prior to 0.8.7 and 0.9.x prior to 0.9.5 allows remote malicious users to modify configuration settings via the _session parameter, which can be leveraged to read arbitrary files, conduct SQL injection attacks, and execute arbitrary c...
Roundcube Webmail 0.9
Roundcube Webmail 0.8.2
Roundcube Webmail 0.8.1
Roundcube Webmail 0.5.3
Roundcube Webmail 0.5.2
Roundcube Webmail 0.4
Roundcube Webmail 0.2.1
Roundcube Webmail 0.2
Roundcube Webmail 0.1
Roundcube Webmail 0.9.3
Roundcube Webmail 0.9.2
Roundcube Webmail
Roundcube Webmail 0.8.5
Roundcube Webmail 0.7.2
Roundcube Webmail 0.7.1
Roundcube Webmail 0.7
Roundcube Webmail 0.5
Roundcube Webmail 0.3
Roundcube Webmail 0.1.1
Roundcube Webmail 0.9.1
Roundcube Webmail 0.9.0
Roundcube Webmail 0.8.4
NA
CVE-2013-5645
Multiple cross-site scripting (XSS) vulnerabilities in Roundcube webmail prior to 0.9.3 allow user-assisted remote malicious users to inject arbitrary web script or HTML via the body of a message visited in (1) new or (2) draft mode, related to compose.inc; and (3) might allow re...
Roundcube Webmail 0.9
Roundcube Webmail 0.7.2
Roundcube Webmail 0.7.1
Roundcube Webmail 0.5
Roundcube Webmail 0.3
Roundcube Webmail 0.2
Roundcube Webmail 0.1.1
Roundcube Webmail 0.1
Roundcube Webmail 0.8.3
Roundcube Webmail 0.8.4
Roundcube Webmail 0.8.5
Roundcube Webmail
Roundcube Webmail 0.8.1
Roundcube Webmail 0.5.4
Roundcube Webmail 0.5.3
Roundcube Webmail 0.4
Roundcube Webmail 0.2.1
Roundcube Webmail 0.8.2
Roundcube Webmail 0.9.0
Roundcube Webmail 0.9.1
Roundcube Webmail 0.7
Roundcube Webmail 0.6
NA
CVE-2013-5646
Cross-site scripting (XSS) vulnerability in Roundcube webmail 1.0-git allows remote authenticated users to inject arbitrary web script or HTML via the Name field of an addressbook group.
Roundcube Webmail 1.0
NA
CVE-2012-6121
Cross-site scripting (XSS) vulnerability in Roundcube Webmail prior to 0.8.5 allows remote malicious users to inject arbitrary web script or HTML via a (1) data:text or (2) vbscript link.
Roundcube Webmail 0.1
Roundcube Webmail 0.2
Roundcube Webmail 0.2.1
Roundcube Webmail 0.2.2
Roundcube Webmail 0.3
Roundcube Webmail 0.5.2
Roundcube Webmail 0.5.3
Roundcube Webmail 0.5.4
Roundcube Webmail 0.6
Roundcube Webmail 0.5
Roundcube Webmail 0.5.1
Roundcube Webmail 0.7
Roundcube Webmail 0.7.2
Roundcube Webmail 0.8.0
Roundcube Webmail 0.4
Roundcube Webmail 0.4.1
Roundcube Webmail 0.4.2
Roundcube Webmail 0.8.1
Roundcube Webmail 0.8.2
Roundcube Webmail 0.8.3
Roundcube Webmail
Roundcube Webmail 0.1.1
NA
CVE-2012-3508
Cross-site scripting (XSS) vulnerability in program/lib/washtml.php in Roundcube Webmail 0.8.0 allows remote malicious users to inject arbitrary web script or HTML by using "javascript:" in an href attribute in the body of an HTML-formatted email.
Roundcube Webmail 0.8.0
1 EDB exploit
NA
CVE-2012-3507
Cross-site scripting (XSS) vulnerability in program/steps/mail/func.inc in RoundCube Webmail prior to 0.8.0, when using the Larry skin, allows remote malicious users to inject arbitrary web script or HTML via the email message subject.
Roundcube Webmail 0.1
Roundcube Webmail 0.2.2
Roundcube Webmail 0.3
Roundcube Webmail 0.4
Roundcube Webmail 0.4.2
Roundcube Webmail 0.5.4
Roundcube Webmail 0.7
Roundcube Webmail 0.3.1
Roundcube Webmail 0.7.2
Roundcube Webmail
Roundcube Webmail 0.1.1
Roundcube Webmail 0.2
Roundcube Webmail 0.5
Roundcube Webmail 0.5.1
Roundcube Webmail 0.5.2
Roundcube Webmail 0.2.1
Roundcube Webmail 0.4.1
Roundcube Webmail 0.5.3
Roundcube Webmail 0.6
Roundcube Webmail 0.7.1
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
HTML injection
CVE-2024-35894
SQL
CVE-2024-5105
CVE-2014-100005
CVE-2024-35895
unauthorized
CVE-2024-22120
CVE-2024-35890
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
NEXT »