Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
roundcube webmail - vulnerabilities and exploits
(subscribe to this query)
4.3
CVSSv2
CVE-2020-16145
Roundcube Webmail prior to 1.3.15 and 1.4.8 allows stored XSS in HTML messages during message display via a crafted SVG document. This issue has been fixed in 1.4.8 and 1.3.15.
Roundcube Webmail
Fedoraproject Fedora 31
Fedoraproject Fedora 32
4.3
CVSSv2
CVE-2020-12626
An issue exists in Roundcube Webmail prior to 1.4.4. A CSRF attack can cause an authenticated user to be logged out because POST was not considered.
Roundcube Webmail
Debian Debian Linux 9.0
Debian Debian Linux 10.0
7.5
CVSSv2
CVE-2020-12640
Roundcube Webmail prior to 1.4.4 allows malicious users to include local files and execute code via directory traversal in a plugin name to rcube_plugin_api.php.
Roundcube Webmail
Opensuse Leap 15.1
Opensuse Backports Sle 15.0
Opensuse Leap 15.2
1 Github repository
7.5
CVSSv2
CVE-2020-12641
rcube_image.php in Roundcube Webmail prior to 1.4.4 allows malicious users to execute arbitrary code via shell metacharacters in a configuration setting for im_convert_path or im_identify_path.
Roundcube Webmail
Opensuse Leap 15.1
Opensuse Backports Sle 15.0
Opensuse Leap 15.2
2 Github repositories
1 Article
4.3
CVSSv2
CVE-2020-35730
An XSS issue exists in Roundcube Webmail prior to 1.2.13, 1.3.x prior to 1.3.16, and 1.4.x prior to 1.4.10. The attacker can send a plain text e-mail message, with JavaScript in a link reference element that is mishandled by linkref_addindex in rcube_string_replacer.php.
Roundcube Webmail
Fedoraproject Fedora 32
Fedoraproject Fedora 33
Debian Debian Linux 9.0
1 Github repository
2 Articles
4.3
CVSSv2
CVE-2019-10740
In Roundcube Webmail prior to 1.3.10, an attacker in possession of S/MIME or PGP encrypted emails can wrap them as sub-parts within a crafted multipart email. The encrypted part(s) can further be hidden using HTML/CSS or ASCII newline characters. This modified multipart email can...
Roundcube Webmail
Fedoraproject Fedora 29
Opensuse Leap 15.1
Opensuse Backports Sle 15.0
Opensuse Leap 15.2
4.3
CVSSv2
CVE-2020-13964
An issue exists in Roundcube Webmail prior to 1.3.12 and 1.4.x prior to 1.4.5. include/rcmail_output_html.php allows XSS via the username template object.
Roundcube Webmail
Fedoraproject Fedora 31
Fedoraproject Fedora 32
Debian Debian Linux 9.0
Debian Debian Linux 10.0
4.3
CVSSv2
CVE-2020-13965
An issue exists in Roundcube Webmail prior to 1.3.12 and 1.4.x prior to 1.4.5. There is XSS via a malicious XML attachment because text/xml is among the allowed types for a preview.
Roundcube Webmail
Debian Debian Linux 9.0
Debian Debian Linux 10.0
Fedoraproject Fedora 31
Fedoraproject Fedora 32
1 Github repository
NA
CVE-2023-5631
Roundcube prior to 1.4.15, 1.5.x prior to 1.5.5, and 1.6.x prior to 1.6.4 allows stored XSS via an HTML e-mail message with a crafted SVG document because of program/lib/Roundcube/rcube_washtml.php behavior. This could allow a remote attacker to load arbitrary JavaScript code.
Roundcube Webmail
Debian Debian Linux 10.0
Debian Debian Linux 11.0
Debian Debian Linux 12.0
Fedoraproject Fedora 39
1 Github repository
1 Article
7.5
CVSSv2
CVE-2021-44026
Roundcube prior to 1.3.17 and 1.4.x prior to 1.4.12 is prone to a potential SQL injection via search or search_params.
Roundcube Webmail
Fedoraproject Fedora 33
Fedoraproject Fedora 34
Debian Debian Linux 9.0
Debian Debian Linux 10.0
Debian Debian Linux 11.0
1 Github repository
1 Article
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
HTML injection
CVE-2024-35894
SQL
CVE-2024-5105
CVE-2014-100005
CVE-2024-35895
unauthorized
CVE-2024-22120
CVE-2024-35890
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »