Lucene search
K

49 matches found

Positive Technologies
Positive Technologies
added 2026/07/01 12:0 a.m.8 views

PT-2026-54448

Name of the Vulnerable Software and Affected Versions Thunderbird versions prior to 140.12.1 Thunderbird versions prior to 152.0.1 Description An attacker can inject arbitrary styled content, phishing links, and CSS to manipulate the chat UI by sending HTML chat messages via Matrix or XMPP...

6.5CVSS6AI score0.00181EPSS
Exploits0References11
OSV
OSV
added 2026/04/03 6:31 a.m.3 views

GHSA-VXG2-HHGR-37FX Roundcube Webmail: Insufficient CSS sanitization in HTML e-mail messages

An issue was discovered in Roundcube Webmail 1.6.0 before 1.6.14. Insufficient Cascading Style Sheets CSS sanitization in HTML e-mail messages may lead to SSRF or Information Disclosure, e.g., if stylesheet links point to local network hosts...

5.4CVSS5.9AI score0.0031EPSS
Exploits0References7
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2005-2026

Malware in sbrugna...

5CVSS6.1AI score0.01798EPSS
Exploits0References8
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2020-8111

Malware in sbrugna...

6.1CVSS6.8AI score0.01945EPSS
Exploits0References12
Tenable Nessus
Tenable Nessus
added 2023/10/25 12:0 a.m.22 views

Fedora 38 : roundcubemail (2023-955e390a13)

The remote Fedora 38 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2023-955e390a13 advisory. Version 1.6.4 - Fix PHP8 warnings 9142, 9160 - Fix default 'mime.types' path on Windows 9113 - Managesieve: Fix javascript error when relational or spamtest...

6.1CVSS5.8AI score0.73445EPSS
Exploits2References2
Tenable Nessus
Tenable Nessus
added 2022/10/18 12:0 a.m.55 views

openSUSE 15 Security Update : roundcubemail (openSUSE-SU-2022:10148-1)

The remote SUSE Linux SUSE15 host has a package installed that is affected by multiple vulnerabilities as referenced in the openSUSE-SU-2022:10148-1 advisory. - In Roundcube Webmail before 1.3.10, an attacker in possession of S/MIME or PGP encrypted emails can wrap them as sub-parts within a...

9.8CVSS7.8AI score0.84456EPSS
Exploits3References11
Ubuntu
Ubuntu
added 2022/10/07 8:33 p.m.52 views

USN-5663-1: Thunderbird vulnerabilities

Multiple security issues were discovered in Thunderbird. If a user were tricked into opening a specially crafted website in a browsing context, an attacker could potentially exploit these to cause a denial of service, spoof the mouse pointer position, obtain sensitive information, spoof the...

8.8CVSS7.4AI score0.0094EPSS
Exploits0
OpenVAS
OpenVAS
added 2022/01/13 12:0 a.m.16 views

Debian: Security Advisory (DLA-2878-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

6.1CVSS6.6AI score0.01045EPSS
Exploits0References4
FreeBSD
FreeBSD
added 2021/12/30 12:0 a.m.9 views

Roundcube -- XSS vulnerability

The Roundcube project reports: Cross-site scripting XSS via HTML messages with malicious CSS content...

0.7AI score
Exploits0References1
OSV
OSV
added 2021/07/02 6:6 p.m.8 views

OPENSUSE-SU-2021:0959-1 Security update for roundcubemail

This update for roundcubemail fixes the following issues: Upgrade to version 1.3.16 This is a security update to the LTS version 1.3. It fixes a recently reported stored cross-site scripting XSS vulnerability via HTML or plain text messages with malicious content. References: - CVE-2020-18670:...

6.1CVSS6AI score0.32823EPSS
Exploits3References7
OSV
OSV
added 2021/06/27 5:3 a.m.16 views

OPENSUSE-SU-2021:0931-1 Security update for roundcubemail

This update for roundcubemail fixes the following issues: Upgrade to version 1.3.16 This is a security update to the LTS version 1.3. It fixes a recently reported stored cross-site scripting XSS vulnerability via HTML or plain text messages with malicious content. References: - CVE-2020-18670:...

6.1CVSS6AI score0.32823EPSS
Exploits3References7
OSV
OSV
added 2021/03/12 1:25 a.m.15 views

MGASA-2021-0130 Updated roundcubemail package fixes security vulnerability

This update fixes cross-site scripting XSS via HTML messages with malicious CSS content CVE-2021-26925...

5.4CVSS5.2AI score0.01006EPSS
Exploits0References3
Mageia
Mageia
added 2021/03/12 1:25 a.m.46 views

Updated roundcubemail package fixes security vulnerability

This update fixes cross-site scripting XSS via HTML messages with malicious CSS content CVE-2021-26925...

5.4CVSS0.5AI score0.01006EPSS
Exploits0References2
Veracode
Veracode
added 2020/12/06 3:29 a.m.28 views

Cross-Site Scripting (XSS)

roundcube is vulnerable to cross-site scripting XSS. An attacker is able to inject and execute arbitrary Javascript in a user's browser via HTML messages during message display...

6.1CVSS2AI score0.01945EPSS
Exploits0References10Affected Software1
Tenable Nessus
Tenable Nessus
added 2020/09/30 12:0 a.m.51 views

openSUSE Security Update : roundcubemail (openSUSE-2020-1516)

This update for roundcubemail fixes the following issues : roundcubemail was upgraded to 1.3.15 This is a security update to the LTS version 1.3. boo1175135 - Security: Fix cross-site scripting XSS via HTML messages with malicious svg content CVE-2020-16145 - Security: Fix cross-site scripting XS...

9.8CVSS7.8AI score0.84456EPSS
Exploits4References14
Mageia
Mageia
added 2020/08/18 8:43 p.m.50 views

Updated roundcubemail packages fix security vulnerabilities

Fix potential XSS issue in HTML editor of the identity signature input Fix cross-site scripting XSS via HTML messages with malicious svg content CVE-2020-16145 Fix cross-site scripting XSS via HTML messages with malicious math content...

6.1CVSS0.7AI score0.01945EPSS
Exploits0References2
OSV
OSV
added 2020/08/12 1:15 p.m.1 views

DEBIAN-CVE-2020-16145

Roundcube Webmail before 1.3.15 and 1.4.8 allows stored XSS in HTML messages during message display via a crafted SVG document. This issue has been fixed in 1.4.8 and 1.3.15...

6.1CVSS6.7AI score0.01945EPSS
Exploits0References1
NVD
NVD
added 2020/08/12 1:15 p.m.28 views

CVE-2020-16145

Roundcube Webmail before 1.3.15 and 1.4.8 allows stored XSS in HTML messages during message display via a crafted SVG document. This issue has been fixed in 1.4.8 and 1.3.15...

6.1CVSS6AI score0.01945EPSS
Exploits0References7
Prion
Prion
added 2020/08/12 1:15 p.m.20 views

Cross site scripting

Roundcube Webmail before 1.3.15 and 1.4.8 allows stored XSS in HTML messages during message display via a crafted SVG document. This issue has been fixed in 1.4.8 and 1.3.15...

4.3CVSS5.8AI score0.01945EPSS
Exploits0References7Affected Software2
OSV
OSV
added 2020/08/12 1:15 p.m.3 views

UBUNTU-CVE-2020-16145

Roundcube Webmail before 1.3.15 and 1.4.8 allows stored XSS in HTML messages during message display via a crafted SVG document. This issue has been fixed in 1.4.8 and 1.3.15...

6.1CVSS6.8AI score0.01945EPSS
Exploits0References8
Rows per page
Query Builder