Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
roundcube webmail vulnerabilities and exploits
(subscribe to this query)
3.5
CVSSv2
CVE-2013-5646
Cross-site scripting (XSS) vulnerability in Roundcube webmail 1.0-git allows remote authenticated users to inject arbitrary web script or HTML via the Name field of an addressbook group.
Roundcube Webmail 1.0
4.3
CVSSv2
CVE-2012-6121
Cross-site scripting (XSS) vulnerability in Roundcube Webmail prior to 0.8.5 allows remote malicious users to inject arbitrary web script or HTML via a (1) data:text or (2) vbscript link.
Roundcube Webmail 0.1
Roundcube Webmail 0.2
Roundcube Webmail 0.2.1
Roundcube Webmail 0.2.2
Roundcube Webmail 0.3
Roundcube Webmail 0.5.2
Roundcube Webmail 0.5.3
Roundcube Webmail 0.5.4
Roundcube Webmail 0.6
Roundcube Webmail 0.5
Roundcube Webmail 0.5.1
Roundcube Webmail 0.7
Roundcube Webmail 0.7.2
Roundcube Webmail 0.8.0
Roundcube Webmail 0.4
Roundcube Webmail 0.4.1
Roundcube Webmail 0.4.2
Roundcube Webmail 0.8.1
Roundcube Webmail 0.8.2
Roundcube Webmail 0.8.3
Roundcube Webmail
Roundcube Webmail 0.1.1
4.3
CVSSv2
CVE-2012-3508
Cross-site scripting (XSS) vulnerability in program/lib/washtml.php in Roundcube Webmail 0.8.0 allows remote malicious users to inject arbitrary web script or HTML by using "javascript:" in an href attribute in the body of an HTML-formatted email.
Roundcube Webmail 0.8.0
1 EDB exploit
4.3
CVSSv2
CVE-2012-4668
Cross-site scripting (XSS) vulnerability in Roundcube Webmail 0.8.1 and previous versions allows remote malicious users to inject arbitrary web script or HTML via the signature in an email.
Roundcube Webmail 0.8.0
Roundcube Webmail 0.7.2
Roundcube Webmail 0.5.2
Roundcube Webmail 0.5
Roundcube Webmail 0.5.1
Roundcube Webmail 0.4.2
Roundcube Webmail 0.3
Roundcube Webmail 0.2
Roundcube Webmail 0.1.1
Roundcube Webmail 0.1
Roundcube Webmail 0.4.1
Roundcube Webmail 0.4
Roundcube Webmail 0.7.1
Roundcube Webmail 0.7
Roundcube Webmail 0.6
Roundcube Webmail 0.5.4
Roundcube Webmail 0.2.2
Roundcube Webmail
Roundcube Webmail 0.7.3
Roundcube Webmail 0.5.3
Roundcube Webmail 0.3.1
Roundcube Webmail 0.2.1
1 EDB exploit
2.6
CVSSv2
CVE-2012-3507
Cross-site scripting (XSS) vulnerability in program/steps/mail/func.inc in RoundCube Webmail prior to 0.8.0, when using the Larry skin, allows remote malicious users to inject arbitrary web script or HTML via the email message subject.
Roundcube Webmail 0.1
Roundcube Webmail 0.2.2
Roundcube Webmail 0.3
Roundcube Webmail 0.4
Roundcube Webmail 0.4.2
Roundcube Webmail 0.5.4
Roundcube Webmail 0.7
Roundcube Webmail 0.3.1
Roundcube Webmail 0.7.2
Roundcube Webmail
Roundcube Webmail 0.1.1
Roundcube Webmail 0.2
Roundcube Webmail 0.5
Roundcube Webmail 0.5.1
Roundcube Webmail 0.5.2
Roundcube Webmail 0.2.1
Roundcube Webmail 0.4.1
Roundcube Webmail 0.5.3
Roundcube Webmail 0.6
Roundcube Webmail 0.7.1
2.6
CVSSv2
CVE-2012-1253
Cross-site scripting (XSS) vulnerability in Roundcube Webmail prior to 0.7, when Internet Explorer is used, allows remote malicious users to inject arbitrary web script or HTML via vectors involving an embedded image attachment.
Roundcube Webmail
Roundcube Webmail 0.5.4
Roundcube Webmail 0.5.3
Roundcube Webmail 0.1.1
Roundcube Webmail 0.1
Roundcube Webmail 0.5.1
Roundcube Webmail 0.4.2
Roundcube Webmail 0.2.2
Roundcube Webmail 0.2
Roundcube Webmail 0.5
Roundcube Webmail 0.4.1
Roundcube Webmail 0.4
Roundcube Webmail 0.3.1
Roundcube Webmail 0.3
Roundcube Webmail 0.5.2
Roundcube Webmail 0.2.1
5
CVSSv2
CVE-2011-4078
include/iniset.php in Roundcube Webmail 0.5.4 and previous versions, when PHP 5.3.7 or 5.3.8 is used, allows remote malicious users to trigger a GET request for an arbitrary URL, and cause a denial of service (resource consumption and inbox outage), via a Subject header containin...
Roundcube Webmail 0.4.2
Roundcube Webmail 0.4
Roundcube Webmail 0.3
Roundcube Webmail 0.1
Roundcube Webmail 0.5.3
Roundcube Webmail
Roundcube Webmail 0.5.1
Roundcube Webmail 0.5
Roundcube Webmail 0.2
Roundcube Webmail 0.4.1
Roundcube Webmail 0.2.1
Roundcube Webmail 0.1.1
Roundcube Webmail 0.5.2
Roundcube Webmail 0.3.1
4.3
CVSSv2
CVE-2011-2937
Cross-site scripting (XSS) vulnerability in the UI messages functionality in Roundcube Webmail prior to 0.5.4 allows remote malicious users to inject arbitrary web script or HTML via the _mbox parameter to the default URI.
Roundcube Webmail 0.4.1
Roundcube Webmail 0.2
Roundcube Webmail 0.1
Roundcube Webmail 0.1.1
Roundcube Webmail
Roundcube Webmail 0.3.1
Roundcube Webmail 0.3
Roundcube Webmail 0.5
Roundcube Webmail 0.4
Roundcube Webmail 0.2.1
Roundcube Webmail 0.4.2
Roundcube Webmail 0.5.2
Roundcube Webmail 0.5.1
5.5
CVSSv2
CVE-2011-1492
steps/utils/modcss.inc in Roundcube Webmail prior to 0.5.1 does not properly verify that a request is an expected request for an external Cascading Style Sheets (CSS) stylesheet, which allows remote authenticated users to trigger arbitrary outbound TCP connections from the server...
Roundcube Webmail 0.1
Roundcube Webmail 0.3
Roundcube Webmail 0.4
Roundcube Webmail 0.1.1
Roundcube Webmail 0.2
Roundcube Webmail 0.4.2
Roundcube Webmail 0.5
Roundcube Webmail 0.2.1
Roundcube Webmail 0.4.1
Roundcube Webmail 0.3.1
Roundcube Webmail
3.5
CVSSv2
CVE-2011-1491
The login form in Roundcube Webmail prior to 0.5.1 does not properly handle a correctly authenticated but unintended login attempt, which makes it easier for remote authenticated users to obtain sensitive information by arranging for a victim to login to the attacker's accou...
Roundcube Webmail 0.1.1
Roundcube Webmail 0.1
Roundcube Webmail 0.2
Roundcube Webmail 0.4.1
Roundcube Webmail 0.4.2
Roundcube Webmail 0.2.1
Roundcube Webmail 0.4
Roundcube Webmail 0.3
Roundcube Webmail 0.3.1
Roundcube Webmail 0.5
Roundcube Webmail
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-21991
CVE-2024-32674
path traversal
CVE-2023-21987
denial of service
dos
CVE-2024-4647
CVE-2024-25519
CVE-2024-33612
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »