Lucene search
MitreCVELIST:CVE-2024-42009HistoryAug 05, 2024 - 12:00 a.m.
CVE-2024-42009
2024-08-0500:00:00
mitre
www.cve.org
2
roundcube
cross-site scripting
desanitization
email theft
EPSS
0.008
Percentile
82.1%
A Cross-Site Scripting vulnerability in Roundcube through 1.5.7 and 1.6.x through 1.6.7 allows a remote attacker to steal and send emails of a victim via a crafted e-mail message that abuses a Desanitization issue in message_body() in program/actions/mail/show.php.
References
github.com/roundcube/roundcubemail/releases
github.com/roundcube/roundcubemail/releases/tag/1.5.8
github.com/roundcube/roundcubemail/releases/tag/1.6.8
roundcube.net/news/2024/08/04/security-updates-1.6.8-and-1.5.8
sonarsource.com/blog/government-emails-at-risk-critical-cross-site-scripting-vulnerability-in-roundcube-webmail/
Related
debiancve
debiancve
CVE-2024-42009
2024-08-05 19:15:38
cve
cve
CVE-2024-42009
2024-08-05 19:15:38
ubuntucve
ubuntucve
CVE-2024-42009
2024-08-05 00:00:00
osv
osv
CVE-2024-42009
2024-08-05 19:15:38
roundcubemail-1.6.8-1.1 on GA media
2024-08-07 00:00:00
roundcube - security update
2024-08-08 00:00:00
vulnrichment
vulnrichment
CVE-2024-42009
2024-08-05 00:00:00
nvd
nvd
CVE-2024-42009
2024-08-05 19:15:38
openvas
openvas
Mageia: Security Advisory (MGASA-2024-0279)
2024-08-16 00:00:00
Roundcube Webmail < 1.5.8, 1.6.x < 1.6.8 Multiple Vulnerabilities - Linux
2024-08-05 00:00:00
Fedora: Security Advisory (FEDORA-2024-2e908e829a)
2024-08-15 00:00:00
nessus
nessus
Debian dsa-5743 : roundcube - security update
2024-08-08 00:00:00
Fedora 40 : roundcubemail (2024-2e908e829a)
2024-08-15 00:00:00
Fedora 39 : roundcubemail (2024-b60eb661a4)
2024-08-15 00:00:00
fedora
fedora
[SECURITY] Fedora 40 Update: roundcubemail-1.6.8-1.fc40
2024-08-15 02:34:19
[SECURITY] Fedora 39 Update: roundcubemail-1.6.8-1.fc39
2024-08-15 14:23:12
mageia
mageia
Updated roundcubemail packages fix security vulnerabilities
2024-08-15 20:48:28
freebsd
freebsd
Roundcube -- Multiple vulnerabilities
2024-08-04 00:00:00
redos
redos
ROS-20240826-17
2024-08-26 00:00:00
thn
thn
Roundcube Webmail Flaws Allow Hackers to Steal Emails and Passwords
2024-08-07 13:29:00