CVE-2023-5631 Stored XSS vulnerability in Roundcube

2023-10-1814:51:18

CWE-79

ESET

www.cve.org

roundcube

stored xss

vulnerability

cve-2023-5631

html e-mail

svg document

javascript code

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

6.2 Medium

AI Score

Confidence

High

0.007 Low

EPSS

Percentile

80.1%

JSON

Roundcube before 1.4.15, 1.5.x before 1.5.5, and 1.6.x before 1.6.4 allows stored XSS via an HTML e-mail message with a crafted SVG document because of program/lib/Roundcube/rcube_washtml.php behavior. This could allow a remote attacker

to load arbitrary JavaScript code.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "Roundcubemail",
    "repo": "https://github.com/roundcube/roundcubemail",
    "vendor": "Roundcube",
    "versions": [
      {
        "lessThan": "1.6.3",
        "status": "affected",
        "version": "1.6.0",
        "versionType": "semver"
      },
      {
        "lessThan": "1.5.4",
        "status": "affected",
        "version": "1.5.0",
        "versionType": "semver"
      },
      {
        "lessThan": "1.5.14",
        "status": "affected",
        "version": "1.4.0",
        "versionType": "semver"
      },
      {
        "status": "unaffected",
        "version": "1.6.4"
      },
      {
        "status": "unaffected",
        "version": "1.5.5"
      },
      {
        "status": "unaffected",
        "version": "1.5.15"
      }
    ]
  }
]