Lucene search
Debian Security Bug TrackerDEBIANCVE:CVE-2023-47272HistoryNov 06, 2023 - 12:15 a.m.
CVE-2023-47272
2023-11-0600:15:09
Debian Security Bug Tracker
security-tracker.debian.org
12
roundcube
xss
content-type
content-disposition
attachment preview
download
6.1 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
5.8 Medium
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
41.1%
Roundcube 1.5.x before 1.5.6 and 1.6.x before 1.6.5 allows XSS via a Content-Type or Content-Disposition header (used for attachment preview or download).
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Debian | 12 | all | roundcube | < 1.6.5+dfsg-1~deb12u1 | roundcube_1.6.5+dfsg-1~deb12u1_all.deb |
| Debian | 11 | all | roundcube | < 1.4.15+dfsg.1-1~deb11u2 | roundcube_1.4.15+dfsg.1-1~deb11u2_all.deb |
| Debian | 999 | all | roundcube | < 1.6.5+dfsg-1 | roundcube_1.6.5+dfsg-1_all.deb |
| Debian | 13 | all | roundcube | < 1.6.5+dfsg-1 | roundcube_1.6.5+dfsg-1_all.deb |
Related
cve
cve
CVE-2023-47272
2023-11-06 00:15:09
osv
osv
roundcube - security update
2023-12-04 00:00:00
BIT-roundcube-2023-47272
2024-03-06 11:04:04
CVE-2023-47272
2023-11-06 00:15:09
veracode
veracode
Cross-Site Scripting (XSS)
2023-11-07 16:03:30
prion
prion
Design/Logic Flaw
2023-11-06 00:15:00
fedora
fedora
[SECURITY] Fedora 37 Update: roundcubemail-1.6.5-1.fc37
2023-11-15 02:01:49
[SECURITY] Fedora 38 Update: roundcubemail-1.6.5-1.fc38
2023-11-15 02:15:36
[SECURITY] Fedora 39 Update: roundcubemail-1.6.5-1.fc39
2023-11-15 01:43:37
openvas
openvas
Debian: Security Advisory (DLA-3683-1)
2023-12-05 00:00:00
Fedora: Security Advisory for roundcubemail (FEDORA-2023-cf584ed77a)
2023-11-16 00:00:00
Roundcube Webmail < 1.5.6, 1.6.x < 1.6.5 XSS Vulnerability
2023-10-19 00:00:00
nessus
nessus
Debian DLA-3683-1 : roundcube - LTS security update
2023-12-05 00:00:00
Debian DSA-5572-1 : roundcube - security update
2023-12-04 00:00:00
Fedora 38 : roundcubemail (2023-0fd9865145)
2023-11-14 00:00:00
nvd
nvd
CVE-2023-47272
2023-11-06 00:15:09
redos
redos
ROS-20231116-01
2023-11-16 00:00:00
debian
debian
[SECURITY] [DSA 5572-1] roundcube security update
2023-12-04 08:44:22
[SECURITY] [DLA 3683-1] roundcube security update
2023-12-04 23:55:46
cvelist
cvelist
CVE-2023-47272
2023-11-05 00:00:00
ubuntucve
ubuntucve
CVE-2023-47272
2023-11-06 00:00:00
mageia
mageia
Updated roundcubemail packages fix XSS security vulnerabilities
2023-12-01 14:54:47
ubuntu
ubuntu
Roundcube vulnerabilities
2024-06-25 00:00:00
6.1 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
5.8 Medium
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
41.1%
Related for DEBIANCVE:CVE-2023-47272