Roundcube prior to 1.3.17 and 1.4.x prior to 1.4.12 is prone to XSS in handling an attachment's filename extension when displaying a MIME type warning message.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
roundcube webmail |
||
fedoraproject fedora 33 |
||
fedoraproject fedora 34 |
||
debian debian linux 9.0 |
||
debian debian linux 10.0 |
||
debian debian linux 11.0 |