
2031 matches found

BDU FSTEC
added 2024/09/03 12:0 a.m. | 2 views

The vulnerability of the mod_css_styles function in the Cascading Style Sheet Handler component of the RoundCube email client allows a hacker to disclose confidential information.

The vulnerability of the mod_css_styles function in the Cascading Style Sheet Handler component of the RoundCube email client is related to insufficient filtering of the sequence of tokens in CSS styles displayed in email messages. Exploiting this vulnerability could allow an attacker to disclose...

7.8 CVSS | 5.8 AI score | 0.52529 EPSS
Exploits 1 | References 7 | Affected Software 3
Packet Storm
added 2024/08/31 12:0 a.m. | 143 views

Roundcube TimeZone Authenticated File Disclosure

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Roundcube TimeZone Authenticated File Disclosure', 'Description' = %q Roundcube Webmail allows unauthorized access to arbitrary files on the host...

7.8 CVSS | 7 AI score | 0.42831 EPSS
Exploits 5
Redos
added 2024/08/26 12:0 a.m. | 21 views

ROS-20240826-17

Vulnerability in DecodeConfig component of Golang programming language is related to uncontrolled consumption of resources. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial-of-service condition. Vulnerability of...

9.3 CVSS | 6.4 AI score | 0.82853 EPSS
Exploits 9
Tenable Nessus
added 2024/08/22 12:0 a.m. | 26 views

openSUSE 15 Security Update : roundcubemail (openSUSE-SU-2024:0257-1)

The remote openSUSE 15 host has a package installed that is affected by a vulnerability as referenced in the openSUSE-SU-2024:0257-1 advisory. Update to 1.6.7 This is a security update to the stable version 1.6 of Roundcube Webmail. It provides a fix to a recently reported XSS vulnerabilities: F...

6.1 CVSS | 5.9 AI score | 0.00641 EPSS
Exploits 0 | References 4
OSV
added 2024/08/21 11:35 a.m. | 17 views

OPENSUSE-SU-2024:0257-1 Security update for roundcubemail

This update for roundcubemail fixes the following issues: Update to 1.6.7 This is a security update to the stable version 1.6 of Roundcube Webmail. It provides a fix to a recently reported XSS vulnerabilities: Fix cross-site scripting XSS vulnerability in handling SVG animate attributes. Reported...

6.1 CVSS | 7 AI score | 0.00641 EPSS
Exploits 0 | References 3
BDU FSTEC
added 2024/08/16 12:0 a.m. | 3 views

The vulnerability of the rcmail_action_mail_get->run() function in the RoundCube Webmail client allows a hacker to execute XSS attacks.

The vulnerability of the rcmail_action_mail_get->run() function in the RoundCube Webmail client exists because measures to protect the web page structure are not taken. Exploiting this vulnerability allows a malicious actor to perform XSS attacks by sending specially crafted malicious attachments...

6.4 CVSS | 8 AI score | 0.82853 EPSS
Exploits 9 | References 11 | Affected Software 3
OSV
added 2024/08/15 5:48 p.m. | 22 views

MGASA-2024-0279 Updated roundcubemail packages fix security vulnerabilities

Fix XSS vulnerability in post-processing of sanitized HTML content (CVE-2024-42009); Fix XSS vulnerability in serving of attachments other than HTML or SVG (CVE-2024-42008); Fix information leak (access to remote content) via insufficient CSS filtering (CVE-2024-42010)...

9.3 CVSS | 8.8 AI score | 0.82853 EPSS
Exploits 9 | References 3
Fedora
added 2024/08/15 2:23 p.m. | 16 views

[SECURITY] Fedora 39 Update: roundcubemail-1.6.8-1.fc39

RoundCube Webmail is a browser-based multilingual IMAP client with an application-like user interface. It provides full functionality you expect from an e-mail client, including MIME support, address book, folder manipulation, message searching and spell checking. RoundCube Webmail is written in...

9.3 CVSS | 7.3 AI score | 0.82853 EPSS
Exploits 9
Fedora
added 2024/08/15 2:34 a.m. | 18 views

[SECURITY] Fedora 40 Update: roundcubemail-1.6.8-1.fc40

RoundCube Webmail is a browser-based multilingual IMAP client with an application-like user interface. It provides full functionality you expect from an e-mail client, including MIME support, address book, folder manipulation, message searching and spell checking. RoundCube Webmail is written in...

9.3 CVSS | 7.3 AI score | 0.82853 EPSS
Exploits 9
Debian
added 2024/08/13 6:48 a.m. | 14 views

[SECURITY] [DSA 5743-2] roundcube security update

------------------------------------------------------------------------- Debian Security Advisory DSA-5743-2 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff August 13, 2024 https://www.debian.org/security/faq -...

9.3 CVSS | 9.8 AI score | 0.82853 EPSS
Exploits 9
OSV
added 2024/08/13 12:0 a.m. | 15 views

DSA-5743-2 roundcube - security update

Bulletin has no description...

9.3 CVSS | 8.3 AI score | 0.82853 EPSS
Exploits 9
BDU FSTEC
added 2024/08/12 12:0 a.m. | 2 views

The vulnerability of the message_body() function in the program/actions/mail/show.php file of the RoundCube Webmail email client allows a hacker to gain full access to the user’s email by sending a specially crafted message.

The vulnerability of the message_body() function in the program/actions/mail/show.php file of the RoundCube Webmail email client exists due to the lack of security measures for handling web page structures. Exploiting this vulnerability allows an attacker to gain full access to the email account by...

9.4 CVSS | 7.2 AI score | 0.82853 EPSS
Exploits 6 | References 6 | Affected Software 2
Tenable Nessus
added 2024/08/10 12:0 a.m. | 22 views

FreeBSD : Roundcube -- Multiple vulnerabilities (5776cc4f-5717-11ef-b611-84a93843eb75)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the 5776cc4f-5717-11ef-b611-84a93843eb75 advisory. The Roundcube project reports: XSS vulnerability in post-processing of sanitized HTML content...

9.3 CVSS | 8.6 AI score | 0.82853 EPSS
Exploits 9 | References 5
OpenVAS
added 2024/08/09 12:0 a.m. | 11 views

Debian: Security Advisory (DSA-5743-2)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

9.3 CVSS | 8.7 AI score | 0.82853 EPSS
Exploits 9 | References 4
Tenable Nessus
added 2024/08/09 12:0 a.m. | 20 views

Roundcube Webmail 1.5.x < 1.5.8 / 1.6.x < 1.6.8 Multiple Vulnerabilities

The remote web server is running Roundcube Webmail version 1.5.x prior to 1.5.8 or 1.6.x prior to 1.6.8. It is, therefore, affected by multiple vulnerabilities. - A Cross-Site Scripting vulnerability in rcmail_action_mail_get->run() in Roundcube through 1.5.7 and 1.6.x through 1.6.7 allows a remote...

9.3 CVSS | 8.5 AI score | 0.82853 EPSS
Exploits 9 | References 5
Debian
added 2024/08/08 10:49 a.m. | 11 views

[SECURITY] [DSA 5743-1] roundcube security update

------------------------------------------------------------------------- Debian Security Advisory DSA-5743-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff August 08, 2024 https://www.debian.org/security/faq -...

9.3 CVSS | 9.8 AI score | 0.82853 EPSS
Exploits 9
NCSC
added 2024/08/08 7:45 a.m. | 1 views

Vulnerabilities fixed in RoundCube Webmail

Vulnerabilities have been fixed in RoundCube Webmail. A malicious party could exploit the vulnerabilities to launch a Cross-Site Scripting attack. Such an attack could lead to execution of arbitrary code in the victim's browser, or access to sensitive data in the context of the victim's browser...

9.3 CVSS | 8 AI score | 0.82853 EPSS
Exploits 9 | References 3
SUSE CVE
added 2024/08/08 2:21 a.m. | 2 views

SUSE CVE-2024-42008

A Cross-Site Scripting vulnerability in rcmail_action_mail_get->run() in Roundcube through 1.5.7 and 1.6.x through 1.6.7 allows a remote attacker to steal and send emails of a victim via a malicious e-mail attachment served with a dangerous Content-Type header...

9.3 CVSS | 6.3 AI score | 0.32265 EPSS
Exploits 4 | References 3
OSV
added 2024/08/08 12:0 a.m. | 11 views

DSA-5743-1 roundcube - security update

Bulletin has no description...

9.3 CVSS | 8.3 AI score | 0.82853 EPSS
Exploits 9
Tenable Nessus
added 2024/08/08 12:0 a.m. | 13 views

Debian dsa-5743 : roundcube - security update

The remote Debian 12 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5743 advisory. - ------------------------------------------------------------------------- Debian Security Advisory DSA-5743-1 [email protected] https://www.debian.org/securit...

9.3 CVSS | 8.4 AI score | 0.82853 EPSS
Exploits 9 | References 8