Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
roundcube roundcube vulnerabilities and exploits
(subscribe to this query)
6.1
CVSSv3
CVE-2021-44025
Roundcube prior to 1.3.17 and 1.4.x prior to 1.4.12 is prone to XSS in handling an attachment's filename extension when displaying a MIME type warning message.
Roundcube Webmail
Fedoraproject Fedora 33
Fedoraproject Fedora 34
Debian Debian Linux 9.0
Debian Debian Linux 10.0
Debian Debian Linux 11.0
6.1
CVSSv3
CVE-2020-12625
An issue exists in Roundcube Webmail prior to 1.4.4. There is a cross-site scripting (XSS) vulnerability in rcube_washtml.php because JavaScript code can occur in the CDATA of an HTML message.
Roundcube Webmail
Debian Debian Linux 9.0
Debian Debian Linux 10.0
Opensuse Leap 15.1
Opensuse Backports Sle 15.0
Opensuse Leap 15.2
1 Github repository
9.8
CVSSv3
CVE-2021-44026
Roundcube prior to 1.3.17 and 1.4.x prior to 1.4.12 is prone to a potential SQL injection via search or search_params.
Roundcube Webmail
Fedoraproject Fedora 33
Fedoraproject Fedora 34
Debian Debian Linux 9.0
Debian Debian Linux 10.0
Debian Debian Linux 11.0
1 Github repository
1 Article
6.1
CVSSv3
CVE-2023-47272
Roundcube 1.5.x prior to 1.5.6 and 1.6.x prior to 1.6.5 allows XSS via a Content-Type or Content-Disposition header (used for attachment preview or download).
Roundcube Webmail
Fedoraproject Fedora 37
Fedoraproject Fedora 38
Fedoraproject Fedora 39
Debian Debian Linux 10.0
Debian Debian Linux 11.0
Debian Debian Linux 12.0
5.9
CVSSv3
CVE-2017-17688
The OpenPGP specification allows a Cipher Feedback Mode (CFB) malleability-gadget attack that can indirectly lead to plaintext exfiltration, aka EFAIL. NOTE: third parties report that this is a problem in applications that mishandle the Modification Detection Code (MDC) feature o...
Microsoft Outlook 2007
Horde Horde Imp -
Flipdogsolutions Maildroid -
R2mail2 R2mail2 -
Apple Mail -
Bloop Airmail -
Freron Mailmate -
Mozilla Thunderbird -
Emclient Emclient -
Postbox-inc Postbox -
Roundcube Webmail -
1 Github repository
1 Article
5.4
CVSSv3
CVE-2018-16736
In the rcfilters plugin 2.1.6 for Roundcube, XSS exists via the _whatfilter and _messages parameters (in the Filters section of the settings).
Rcfilters Project Rcfilters 2.1.6
1 EDB exploit
6.5
CVSSv3
CVE-2016-10770
cPanel prior to 60.0.25 allows arbitrary file-overwrite operations during a Roundcube update (SEC-164).
Cpanel Cpanel
NA
CVE-2024-37383
Roundcube Webmail prior to 1.5.7 and 1.6.x prior to 1.6.7 allows XSS via SVG animate attributes.
5.5
CVSSv3
CVE-2017-18416
cPanel prior to 67.9999.103 allows arbitrary file-overwrite operations during a Roundcube SQLite schema update (SEC-303).
Cpanel Cpanel
8.1
CVSSv3
CVE-2016-10846
cPanel prior to 11.54.0.4 allows arbitrary file-chown and file-chmod operations during Roundcube database conversions (SEC-79).
Cpanel Cpanel
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
validation
CVE-2012-1823
malicious code
CVE-2024-5770
CVE-2023-45866
CVE-2024-35687
local users
CVE-2024-31246
CVE-2024-35730
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
2
3
4
5
6
7
8
NEXT »