CVE-2020-12625

2020-05-0402:15:11

Google

osv.dev

5.4 Medium

AI Score

Confidence

High

0.005 Low

EPSS

Percentile

76.6%

JSON

An issue was discovered in Roundcube Webmail before 1.4.4. There is a cross-site scripting (XSS) vulnerability in rcube_washtml.php because JavaScript code can occur in the CDATA of an HTML message.

CPENameOperatorVersion
roundcubemaileq1.2-rc
roundcubemaileq1.1-rc
roundcubemaileq1.1.0
roundcubemaileq1.4-rc1
roundcubemaileq1.2-beta
roundcubemaileq1.4-beta
roundcubemaileq0.1-beta2
roundcubemaileq1.4-rc2
roundcubemaileq1.3-beta
roundcubemaileq1.1-beta

Name	Operator	Version
roundcubemail	eq	1.2-rc
roundcubemail	eq	1.1-rc
roundcubemail	eq	1.1.0
roundcubemail	eq	1.4-rc1
roundcubemail	eq	1.2-beta
roundcubemail	eq	1.4-beta
roundcubemail	eq	0.1-beta2
roundcubemail	eq	1.4-rc2
roundcubemail	eq	1.3-beta
roundcubemail	eq	1.1-beta