Lucene search
Debian Security Bug TrackerDEBIANCVE:CVE-2023-46267HistoryOct 20, 2023 - 4:15 a.m.
CVE-2023-46267
2023-10-2004:15:00
Debian Security Bug Tracker
security-tracker.debian.org
6
roundcube
xss
svg
image
email
wash_uri
unix
0.0004 Low
EPSS
Percentile
8.5%
Roundcube before 1.4.15, 1.5.x before 1.5.5, and 1.6.x before 1.6.4 allows XSS via a text/html e-mail message containing an SVG image with a USE element. This is related to wash_uri in rcube_washtml.php.
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Debian | 12 | all | roundcube | <= 1.6.3+dfsg-1~deb12u1 | roundcube_1.6.3+dfsg-1~deb12u1_all.deb |
| Debian | 11 | all | roundcube | <= 1.4.14+dfsg.1-1~deb11u1 | roundcube_1.4.14+dfsg.1-1~deb11u1_all.deb |
| Debian | 10 | all | roundcube | <= 1.3.17+dfsg.1-1~deb10u2 | roundcube_1.3.17+dfsg.1-1~deb10u2_all.deb |
| Debian | 999 | all | roundcube | < 1.6.4+dfsg-1 | roundcube_1.6.4+dfsg-1_all.deb |
Related
cvelist
cvelist
CVE-2023-46267
1976-01-01 00:00:00
ubuntucve
ubuntucve
CVE-2023-46267
2023-10-20 00:00:00
cve
cve
CVE-2023-46267
2023-10-20 04:15:10
nvd
nvd
CVE-2023-46267
2023-10-20 04:15:10
osv
osv
CVE-2023-46267
2023-10-20 04:15:10