Exploit for Cross-site Scripting in Roundcube Webmail

Proof of Concept: CVE-2024-42008 and CVE-2024-42010 This pr...

Exploit for Cross-site Scripting in Roundcube Webmail

XSS Exploit for Roundcube Webmail 1.6.7 CVE-2024-42009 D...

SUSE CVE-2024-57004

Cross-Site Scripting XSS vulnerability in Roundcube Webmail 1.6.9 allows remote authenticated users to upload a malicious file as an email attachment, leading to the triggering of the XSS by visiting the SENT session...

Roundcube Webmail <= 1.6.9 XSS Vulnerability - Linux

Roundcube Webmail is prone to a cross-site scripting XSS vulnerability. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

Roundcube Webmail <= 1.6.9 XSS Vulnerability - Windows

Roundcube Webmail is prone to a cross-site scripting XSS vulnerability. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

CVE-2024-57004

Cross-Site Scripting XSS vulnerability in Roundcube Webmail 1.6.9 allows remote authenticated users to upload a malicious file as an email attachment, leading to the triggering of the XSS by visiting the SENT session...

DEBIAN-CVE-2024-57004

Cross-Site Scripting XSS vulnerability in Roundcube Webmail 1.6.9 allows remote authenticated users to upload a malicious file as an email attachment, leading to the triggering of the XSS by visiting the SENT session...

CVE-2024-57004

Cross-Site Scripting XSS vulnerability in Roundcube Webmail 1.6.9 allows remote authenticated users to upload a malicious file as an email attachment, leading to the triggering of the XSS by visiting the SENT session...

UBUNTU-CVE-2024-57004

Cross-Site Scripting XSS vulnerability in Roundcube Webmail 1.6.9 allows remote authenticated users to upload a malicious file as an email attachment, leading to the triggering of the XSS by visiting the SENT session...

CVE-2024-57004

Cross-Site Scripting XSS vulnerability in Roundcube Webmail 1.6.9 allows remote authenticated users to upload a malicious file as an email attachment, leading to the triggering of the XSS by visiting the SENT session...

Roundcube Webmail 安全漏洞

Roundcube Webmail is a browser-based open source IMAP client from Roundcube Open Source that supports address book management, message searching, spell checking, and more. A security vulnerability exists in Roundcube Webmail version 1.6.9, which stems from the presence of a cross-site scripting X...

CVE-2024-57004

CVE-2024-57004 affects Roundcube Webmail 1.6.9. An XSS exists where remote authenticated users can upload a malicious file as an email attachment, with the XSS triggered when visiting the SENT session. The description specifies the vulnerable component is the attachment upload path and the conseq...

PT-2025-3376

Name of the Vulnerable Software and Affected Versions Roundcube Webmail version 1.6.9 Description The issue allows remote authenticated users to upload a malicious file as an email attachment. This leads to the triggering of a Cross-Site Scripting XSS attack when the SENT session is visited...

CVE-2024-57004

Cross-Site Scripting XSS vulnerability in Roundcube Webmail 1.6.9 allows remote authenticated users to upload a malicious file as an email attachment, leading to the triggering of the XSS by visiting the SENT session...

CVE-2024-57004

Cross-Site Scripting XSS vulnerability in Roundcube Webmail 1.6.9 allows remote authenticated users to upload a malicious file as an email attachment, leading to the triggering of the XSS by visiting the SENT session...

Roundcube Webmail 1.5.x < 1.5.6 Cross-Site-Scripting

According to its self-reported version number, Roundcube Webmail is prior to 1.5.6 or 1.6.x prior to 1.6.5. Therefore, it may be affected by a Cross-Site Scripting XSS vulnerability via a Content-Type or Content-Disposition header. Note that the scanner has not tested for these issues but has...

Roundcube Webmail 1.6.x < 1.6.4 Cross-Site-Scripting

According to its self-reported version number, Roundcube Webmail is prior to 1.4.15 or 1.5.x prior to 1.5.5 or 1.6.x prior to 1.6.4. Therefore, it may be affected by a Cross-Site Scripting XSS vulnerability via an HTML e-mail message with a crafted SVG document. Note that the scanner has not test...

Roundcube Webmail 1.5.x < 1.5.7 Multiples Vulnerabilities

According to its self-reported version number, Roundcube Webmail is prior to 1.5.7 or 1.6.x prior to 1.6.7. Therefore, it may be affected by multiple vulnerabilities : - A Cross-Site Scripting XSS via SVG animate attributes. - A Cross-Site Scripting XSS via list columns from user preferences. - A...

Roundcube Webmail 1.5.x < 1.5.4 Cross-Site-Scripting

According to its self-reported version number, Roundcube Webmail is prior to 1.4.14 or 1.5.x prior to 1.5.4 or 1.6.x prior to 1.6.3. Therefore, it may be affected by a Cross-Site Scripting XSS vulnerability via text/plain e-mail messages with crafted links. Note that the scanner has not tested fo...

Roundcube Webmail 1.6.x < 1.6.7 Multiples Vulnerabilities

According to its self-reported version number, Roundcube Webmail is prior to 1.5.7 or 1.6.x prior to 1.6.7. Therefore, it may be affected by multiple vulnerabilities : - A Cross-Site Scripting XSS via SVG animate attributes. - A Cross-Site Scripting XSS via list columns from user preferences. - A...