CVSS2

Metric | Value |
---|---|
Attack Vector | NETWORK |
Attack Complexity | LOW |
Authentication | SINGLE |
Confidentiality Impact | PARTIAL |
Integrity Impact | PARTIAL |
Availability Impact | NONE |
Vector | AV:N/AC:L/Au:S/C:P/I:P/A:N |

AI Score

Confidence: Low

EPSS

Percentile: 58.9%

steps/utils/modcss.inc in Roundcube Webmail before 0.5.1 does not properly verify that a request is an expected request for an external Cascading Style Sheets (CSS) stylesheet, which allows remote authenticated users to trigger arbitrary outbound TCP connections from the server, and possibly obtain sensitive information, via a crafted request.
Vendor | Product | Version | CPE |
---|---|---|---|
roundcube | webmail | * | cpe:2.3:a:roundcube:webmail:*:*:*:*:*:*:*:* |
roundcube | webmail | 0.1 | cpe:2.3:a:roundcube:webmail:0.1:*:*:*:*:*:*:* |
roundcube | webmail | 0.1 | cpe:2.3:a:roundcube:webmail:0.1:alpha:*:*:*:*:*:* |
roundcube | webmail | 0.1 | cpe:2.3:a:roundcube:webmail:0.1:beta:*:*:*:*:*:* |
roundcube | webmail | 0.1 | cpe:2.3:a:roundcube:webmail:0.1:beta2:*:*:*:*:*:* |
roundcube | webmail | 0.1 | cpe:2.3:a:roundcube:webmail:0.1:rc1:*:*:*:*:*:* |
roundcube | webmail | 0.1 | cpe:2.3:a:roundcube:webmail:0.1:rc2:*:*:*:*:*:* |
roundcube | webmail | 0.1.1 | cpe:2.3:a:roundcube:webmail:0.1.1:*:*:*:*:*:*:* |
roundcube | webmail | 0.2 | cpe:2.3:a:roundcube:webmail:0.2:*:*:*:*:*:*:* |
roundcube | webmail | 0.2 | cpe:2.3:a:roundcube:webmail:0.2:alpha:*:*:*:*:*:* |