CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
AI Score
Confidence
High
EPSS
Percentile
82.2%
Updated roundcubemail package fixes security vulnerabilities: Fix cross-site scripting (XSS) vulnerability in setting Content-Type/ Content-Disposition for attachment preview/download (CVE-2023-47272) Fix cross-site scripting (XSS) vulnerability in handling of SVG in HTML messages. (CVE-2023-5631) Some other errors have been fixed: - Fix PHP8 fatal error when parsing a malformed BODYSTRUCTURE - Fix duplicated Inbox folder on IMAP servers that do not use Inbox folder with all capital letters - Fix PHP warnings - Fix UI issue when dealing with an invalid managesieve_default_headers value - Fix bug where images attached to application/smil messages weren’t displayed - Fix PHP string replacement error in utils/error.php - Fix regression where smtp_user did not allow pre/post strings before/after %u placeholder
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Mageia | 9 | noarch | roundcubemail | < 1.6.5-1 | roundcubemail-1.6.5-1.mga9 |
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
AI Score
Confidence
High
EPSS
Percentile
82.2%