2031 matches found
Roundcube Webmail 1.6.x < 1.6.5 Cross-Site-Scripting
According to its self-reported version number, Roundcube Webmail is prior to 1.5.6 or 1.6.x prior to 1.6.5. Therefore, it may be affected by a Cross-Site Scripting (XSS) vulnerability via a Content-Type or Content-Disposition header. Note that the scanner has not tested for these issues but has...
Roundcube Webmail 1.5.x < 1.5.5 Cross-Site-Scripting
According to its self-reported version number, Roundcube Webmail is prior to 1.4.15 or 1.5.x prior to 1.5.5 or 1.6.x prior to 1.6.4. Therefore, it may be affected by a Cross-Site Scripting (XSS) vulnerability via an HTML e-mail message with a crafted SVG document. Note that the scanner has not test...
Roundcube Webmail < 1.4.14 Cross-Site-Scripting
According to its self-reported version number, Roundcube Webmail is prior to 1.4.14 or 1.5.x prior to 1.5.4 or 1.6.x prior to 1.6.3. Therefore, it may be affected by a Cross-Site Scripting (XSS) vulnerability via text/plain e-mail messages with crafted links. Note that the scanner has not tested fo...
Roundcube Webmail 1.5.x < 1.5.8 Multiple Vulnerabilities
According to its self-reported version number, Roundcube Webmail is prior to 1.5.8 or 1.6.x prior to 1.6.8. Therefore, it may be affected by multiple vulnerabilities: - A Cross-Site Scripting (XSS) in rcmail_action_mail_get->run(). - A Cross-Site Scripting (XSS) via a crafted e-mail message that abuses a...
Roundcube Webmail 1.6.x < 1.6.8 Multiple Vulnerabilities
According to its self-reported version number, Roundcube Webmail is prior to 1.5.8 or 1.6.x prior to 1.6.8. Therefore, it may be affected by multiple vulnerabilities: - A Cross-Site Scripting (XSS) in rcmail_action_mail_get->run(). - A Cross-Site Scripting (XSS) via a crafted e-mail message that abuses a...
Roundcube Webmail < 1.4.15 Cross-Site-Scripting
According to its self-reported version number, Roundcube Webmail is prior to 1.4.15 or 1.5.x prior to 1.5.5 or 1.6.x prior to 1.6.4. Therefore, it may be affected by a Cross-Site Scripting (XSS) vulnerability via an HTML e-mail message with a crafted SVG document. Note that the scanner has not test...
Roundcube Webmail 1.6.x < 1.6.3 Cross-Site-Scripting
According to its self-reported version number, Roundcube Webmail is prior to 1.4.14 or 1.5.x prior to 1.5.4 or 1.6.x prior to 1.6.3. Therefore, it may be affected by a Cross-Site Scripting (XSS) vulnerability via text/plain e-mail messages with crafted links. Note that the scanner has not tested fo...
USN-7200-1 roundcube vulnerability
It was discovered that Roundcube incorrectly handled certain file-based attachment plugins. An attacker could exploit this to gain unauthorized access to arbitrary files on the host’s file system...
USN-7200-1: Roundcube vulnerability
It was discovered that Roundcube incorrectly handled certain file-based attachment plugins. An attacker could exploit this to gain unauthorized access to arbitrary files on the host’s file system...
Ubuntu: Security Advisory (USN-7200-1)
The remote host is missing an update for the...
Ubuntu 16.04 LTS : Roundcube vulnerability (USN-7200-1)
The remote Ubuntu 16.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-7200-1 advisory. It was discovered that Roundcube incorrectly handled certain file-based attachment plugins. An attacker could exploit this to gain unauthorized access to arbitrar...
Exploit for Cross-site Scripting in Roundcube Webmail
Exploit Title: Roundcube mail server exploit for CVE-2024-373...
CVE-2024-37383
Roundcube Webmail before 1.5.7 and 1.6.x before 1.6.7 allows XSS via SVG animate attributes...
CISA Adds Two Known Exploited Vulnerabilities to Catalog
CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2024-20481: Cisco ASA and FTD Denial-of-Service Vulnerability. CVE-2024-37383: RoundCube Webmail Cross-Site Scripting (XSS) Vulnerability...
Exploit for Cross-site Scripting in Roundcube Webmail
CVE-2024-37383-POC Proof of concept for CVE-2024-37383 Int...
RoundCube Webmail Cross-Site Scripting (XSS) Vulnerability
RoundCube Webmail contains a cross-site scripting (XSS) vulnerability in the handling of SVG animate attributes that allows a remote attacker to run malicious JavaScript code...
Hackers Exploit Roundcube Webmail XSS Vulnerability to Steal Login Credentials
Unknown threat actors have been observed attempting to exploit a now-patched security flaw in the open-source Roundcube webmail software as part of a phishing attack designed to steal user credentials. Russian cybersecurity company Positive Technologies said it discovered last month an email that...
About Cross Site Scripting – Roundcube Webmail (CVE-2024-37383) vulnerability
About Cross Site Scripting - Roundcube Webmail (CVE-2024-37383) vulnerability. Roundcube is a web-based email client with functionality comparable to desktop email clients such as Outlook Express or Mozilla Thunderbird. The vulnerability is caused by an error in the processing of SVG elements in th...
OPENSUSE-SU-2024:0328-1 Security update for roundcubemail
This update for roundcubemail fixes the following issues: Update to 1.6.8. This is a security update to the stable version 1.6 of Roundcube Webmail. It provides fixes to recently reported security vulnerabilities: Fix XSS vulnerability in post-processing of sanitized HTML content (CVE-2024-42009). Fi...
VulnCheck KEV: CVE-2024-37383
RoundCube Webmail contains a cross-site scripting (XSS) vulnerability in the handling of SVG animate attributes that allows a remote attacker to run malicious JavaScript code...