CVE-2023-47272

Published: 06/11/2023 Updated: 28/12/2023
CVSS v3 Base Score: 6.1 | Impact Score: 2.7 | Exploitability Score: 2.8
VMScore: 0

Vulnerability Summary

Roundcube 1.5.x prior to 1.5.6 and 1.6.x prior to 1.6.5 allows XSS via a Content-Type or Content-Disposition header (used for attachment preview or download).

Vulnerable Products

roundcube webmail

fedoraproject fedora 37

fedoraproject fedora 38

fedoraproject fedora 39

debian debian linux 10.0

debian debian linux 11.0

debian debian linux 12.0

Vendor Advisories

Debian Bug report logs - #1055421 roundcube: CVE-2023-47272: cross-site scripting (XSS) vulnerability in setting Content-Type/Content-Disposition for attachment preview/download. Package: src:roundcube; Maintainer for src:roundcube is Debian Roundcube Maintainers <pkg-roundcube-maintainers@alioth-lists.debian.net>; Reported by ...
Rene Rehme discovered that roundcube, a skinnable AJAX based webmail solution for IMAP servers, did not properly set headers when handling attachments. This would allow an attacker to load arbitrary JavaScript code. For the oldstable distribution (bullseye), this problem has been fixed in version 1.4.15+dfsg.1-1~deb11u2. For the stable distribution ...
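The summary and the Debian advisory above both describe the same weakness: the Content-Type and Content-Disposition headers sent for an attachment preview or download were derived from untrusted MIME part metadata without proper sanitisation, so a crafted message could end up rendered as active content in the webmail origin. The following is an added example of how such an endpoint should build those two headers; it is not Roundcube's code and not the upstream fix, and the function names, the ACTIVE_CONTENT list and the sample inputs are constructed for illustration.

```python
import re
from urllib.parse import quote

# MIME types a browser executes scripts from when rendered inline.
# Constructed list for this example; extend to taste.
ACTIVE_CONTENT = {
    "text/html",
    "application/xhtml+xml",
    "image/svg+xml",
    "text/xml",
    "application/xml",
}

# RFC 7230 token characters: the only thing permitted in type/subtype.
_TOKEN = r"[A-Za-z0-9!#$%&'*+.^_`|~-]+"
_MIME_RE = re.compile(rf"({_TOKEN})/({_TOKEN})")


def safe_content_type(raw_type):
    """Build a Content-Type value from an untrusted MIME part type.

    Parameters are dropped and type/subtype must be a bare token pair;
    anything else (CR/LF, spaces, quotes, empty) degrades to
    application/octet-stream, which browsers never render as a document.
    """
    if not raw_type:
        return "application/octet-stream"
    main = raw_type.split(";", 1)[0].strip()
    m = _MIME_RE.fullmatch(main)
    if not m:
        return "application/octet-stream"
    return f"{m.group(1).lower()}/{m.group(2).lower()}"


def safe_content_disposition(raw_filename, content_type, want_inline):
    """Build a Content-Disposition value for an attachment preview/download.

    - Active content is forced to 'attachment' even when an inline preview
      was requested, so it is never rendered in the application origin.
    - Control characters (CR/LF included) are stripped from the filename so
      the header cannot be split into a second, attacker-chosen header.
    - An escaped ASCII filename and an RFC 5987 filename* are both emitted.
    """
    inline_ok = want_inline and content_type not in ACTIVE_CONTENT
    disposition = "inline" if inline_ok else "attachment"

    name = re.sub(r"[\x00-\x1f\x7f]", "", raw_filename or "")
    name = name.replace("/", "_").replace("\\", "_").strip() or "attachment"

    ascii_name = name.encode("ascii", "replace").decode("ascii")
    ascii_name = ascii_name.replace('"', '\\"')   # keep the quoted-string intact
    utf8_name = quote(name, safe="")              # percent-encode for filename*
    return f'{disposition}; filename="{ascii_name}"; filename*=UTF-8\'\'{utf8_name}'


def attachment_headers(part_type, part_filename, want_inline):
    """Response headers for serving one MIME part; every input is untrusted."""
    ctype = safe_content_type(part_type)
    headers = {
        "Content-Type": ctype,
        "Content-Disposition": safe_content_disposition(part_filename, ctype, want_inline),
        # Stops MIME sniffing from turning octet-stream or text/plain into HTML.
        "X-Content-Type-Options": "nosniff",
    }
    # Nothing we emit may contain a line break, whatever the message said.
    assert all("\r" not in v and "\n" not in v for v in headers.values())
    return headers


if __name__ == "__main__":
    # Constructed sample parts: a benign image, an HTML part asking for
    # inline preview, and a part whose metadata tries to inject a header.
    samples = [
        ("image/jpeg", "photo.jpg", True),
        ("text/html; charset=utf-8", "invoice.html", True),
        ("image/svg+xml", "x.svg\r\nX-Evil: 1", True),
        ("text/html\r\nX-Injected: 1", "a.txt", False),
    ]
    for part_type, filename, inline in samples:
        print(attachment_headers(part_type, filename, inline))
```

The design choice worth noting is that the preview ("inline") decision is made on the sanitised Content-Type, not on the caller's wish: a part that claims to be text/html or SVG is always served as a download, and a malformed type is downgraded to application/octet-stream before the disposition is chosen, with nosniff closing the remaining sniffing path.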