Roundcube 1.5.x prior to 1.5.6 and 1.6.x prior to 1.6.5 allows XSS via a Content-Type or Content-Disposition header (used for attachment preview or download).
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
roundcube webmail |
||
fedoraproject fedora 37 |
||
fedoraproject fedora 38 |
||
fedoraproject fedora 39 |
||
debian debian linux 10.0 |
||
debian debian linux 11.0 |
||
debian debian linux 12.0 |