CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N
AI Score
Confidence
Low
EPSS
Percentile
82.1%
The Roundcube project reports:
XSS vulnerability in post-processing of sanitized HTML content [CVE-2024-42009]
XSS vulnerability in serving of attachments other than HTML or SVG [CVE-2024-42008]
information leak (access to remote content) via insufficient CSS filtering [CVE-2024-42010]
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N
AI Score
Confidence
Low
EPSS
Percentile
82.1%