
2031 matches found

CNNVD
added 2024/08/05 12:00 a.m., 3 views

Roundcube Webmail security vulnerability

Roundcube Webmail is an open source, browser-based IMAP client from Roundcube that supports address book management, message searching, spell checking, and more. A security vulnerability exists in Roundcube Webmail version 1.5.7 and earlier and version 1.6.x prior to 1.6.8, which stems...

CVSS 9.3, AI score 6, EPSS 0.32265
Exploits: 4, References: 6
CNNVD
added 2024/08/05 12:00 a.m., 2 views

Roundcube Webmail security vulnerability

Roundcube Webmail is a browser-based open source IMAP client from Roundcube Open Source that supports address book management, message searching, spell checking, and more. A security vulnerability exists in Roundcube Webmail versions 1.5.7 and earlier and 1.6.x before 1.6.8, which stems from an...

CVSS 7.5, AI score 6.5, EPSS 0.52529
Exploits: 1, References: 7
EUVD
added 2024/08/05 12:00 a.m., 2 views

EUVD-2024-39390

A Cross-Site Scripting vulnerability in rcmail_action_mail_get->run in Roundcube through 1.5.7 and 1.6.x through 1.6.7 allows a remote attacker to steal and send emails of a victim via a malicious e-mail attachment served with a dangerous Content-Type header...

CVSS 9.3, AI score 8.4, EPSS 0.32265
Exploits: 4, References: 5
Positive Technologies
added 2024/08/05 12:00 a.m., 3 views

PT-2024-5873

Name of the Vulnerable Software and Affected Versions: Roundcube versions 1.5.0 through 1.5.7; Roundcube versions 1.6.0 through 1.6.7. Description: The issue is related to the mod_css_styles function in Roundcube, which insufficiently filters Cascading Style Sheets (CSS) token sequences in rendered...

CVSS 9.3, AI score 7.4, EPSS 0.82853
Exploits: 16, References: 45
CNNVD
added 2024/08/05 12:00 a.m., 5 views

Roundcube Webmail security vulnerability

Roundcube Webmail is an open source, browser-based IMAP client from Roundcube that supports address book management, message searching, spell checking, and more. A security vulnerability exists in Roundcube Webmail version 1.5.7 and earlier and version 1.6.x prior to 1.6.8, which stems...

CVSS 9.3, AI score 8, EPSS 0.82853
Exploits: 6, References: 6
Vulnrichment
added 2024/08/05 12:00 a.m., 22 views

CVE-2024-42010

mod_css_styles in Roundcube through 1.5.7 and 1.6.x through 1.6.7 insufficiently filters Cascading Style Sheets (CSS) token sequences in rendered e-mail messages, allowing a remote attacker to obtain sensitive information...

AI score 7.4, EPSS 0.52529
Exploits: 1, References: 5
Cvelist
added 2024/08/05 12:00 a.m., 26 views

CVE-2024-42008

A Cross-Site Scripting vulnerability in rcmail_action_mail_get->run in Roundcube through 1.5.7 and 1.6.x through 1.6.7 allows a remote attacker to steal and send emails of a victim via a malicious e-mail attachment served with a dangerous Content-Type header...

EPSS 0.32265
Exploits: 4, References: 5
ATTACKERKB
added 2024/08/05 12:00 a.m., 7 views

CVE-2024-42009

A Cross-Site Scripting vulnerability in Roundcube through 1.5.7 and 1.6.x through 1.6.7 allows a remote attacker to steal and send emails of a victim via a crafted e-mail message that abuses a Desanitization issue in message_body in program/actions/mail/show.php. Recent assessments: Assessed...

CVSS 9.3, AI score 6.6, EPSS 0.82853
In wild, Exploits: 6, References: 6
Cvelist
added 2024/08/05 12:00 a.m., 26 views

CVE-2024-42010

mod_css_styles in Roundcube through 1.5.7 and 1.6.x through 1.6.7 insufficiently filters Cascading Style Sheets (CSS) token sequences in rendered e-mail messages, allowing a remote attacker to obtain sensitive information...

EPSS 0.52529
Exploits: 1, References: 5
Debian CVE
added 2024/08/05 12:00 a.m., 22 views

CVE-2024-42010

mod_css_styles in Roundcube through 1.5.7 and 1.6.x through 1.6.7 insufficiently filters Cascading Style Sheets (CSS) token sequences in rendered e-mail messages, allowing a remote attacker to obtain sensitive information...

CVSS 7.5, AI score 5.6, EPSS 0.52529
Exploits: 1
CVE
added 2024/08/05 12:00 a.m., 144 views

CVE-2024-42008

CVE-2024-42008 is a Cross‑Site Scripting flaw in Roundcube’s rcmail_action_mail_get->run() that affects Roundcube <= 1.5.7 and 1.6.x

CVSS 9.3, AI score 6.1, EPSS 0.32265
Exploits: 4, References: 5, Affected Software: 1
Debian CVE
added 2024/08/05 12:00 a.m., 31 views

CVE-2024-42009

A Cross-Site Scripting vulnerability in Roundcube through 1.5.7 and 1.6.x through 1.6.7 allows a remote attacker to steal and send emails of a victim via a crafted e-mail message that abuses a Desanitization issue in message_body in program/actions/mail/show.php...

CVSS 9.3, AI score 8.8, EPSS 0.82853
Exploits: 6
CVE
added 2024/08/05 12:00 a.m., 66 views

CVE-2024-42010

CVE-2024-42010 affects Roundcube Webmail; vulnerable in mod_css_styles filtering of CSS token sequences in rendered e‑mail messages. Impact: information leakage through insufficient CSS filtering. Affected versions include Roundcube 1.5.7 and 1.6.x up to 1.6.7. Mitigation: upgrade to Roundcube 1....

CVSS 7.5, AI score 7.4, EPSS 0.52529
Exploits: 1, References: 5
CVE
added 2024/08/05 12:00 a.m., 276 views

CVE-2024-42009

CVE-2024-42009 is a high-severity (CRITICAL) Cross-Site Scripting vulnerability in RoundCube Webmail (affected: up to 1.5.7 and 1.6.x up to 1.6.7) allowing a remote attacker to steal/send a victim’s emails via a crafted message that abuses a desanitization issue in message_body() of program/actio...

CVSS 9.3, AI score 6, EPSS 0.82853
In wild, Exploits: 6, References: 6, Affected Software: 1
FreeBSD
added 2024/08/04 12:00 a.m., 12 views

Roundcube -- Multiple vulnerabilities

The Roundcube project reports: XSS vulnerability in post-processing of sanitized HTML content (CVE-2024-42009); XSS vulnerability in serving of attachments other than HTML or SVG (CVE-2024-42008); information leak (access to remote content) via insufficient CSS filtering (CVE-2024-42010)...

CVSS 9.3, AI score 6.9, EPSS 0.82853
Exploits: 9, References: 1
BDU FSTEC
added 2024/07/10 12:00 a.m., 2 views

The vulnerability of the RoundCube Webmail email client stems from insufficient protection of the website’s structure, allowing attackers to carry out cross-site scripting attacks.

The vulnerability of the RoundCube Webmail email client is related to insufficient protection of the website’s structure. Exploiting this vulnerability allows a malicious actor to perform cross-site scripting attacks using columns from user preferences lists...

CVSS 5.3, AI score 6.8, EPSS 0.73296
Exploits: 5, References: 6, Affected Software: 4
BDU FSTEC
added 2024/07/10 12:00 a.m., 2 views

The vulnerability of the RoundCube Webmail email client stems from insufficient protection of the website’s structure, allowing attackers to carry out cross-site scripting attacks.

The vulnerability of the RoundCube Webmail email client is related to insufficient protection of the website’s structure. Exploiting this vulnerability allows a malicious actor to perform cross-site scripting attacks using SVG element animation attributes...

CVSS 6.4, AI score 6.6, EPSS 0.73296
Exploits: 5, References: 10, Affected Software: 4
OpenVAS
added 2024/07/01 12:00 a.m., 19 views

Debian: Security Advisory (DLA-3835-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2024 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if(description)...

CVSS 6.1, AI score 6.7, EPSS 0.73296
Exploits: 5, References: 4
OpenVAS
added 2024/07/01 12:00 a.m., 21 views

Debian: Security Advisory (DSA-5714-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2024 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if(description)...

CVSS 6.1, AI score 6.7, EPSS 0.73296
Exploits: 5, References: 4
BDU FSTEC
added 2024/06/28 12:00 a.m., 2 views

The vulnerability of the im_convert_path/im_identify_path function in the RoundCube Webmail client allows an attacker to escalate their privileges.

The vulnerability of the im_convert_path/im_identify_path function in the RoundCube Webmail email client is related to the lack of measures taken at the administrative level to clean up data. Exploiting this vulnerability can allow an attacker to escalate their privileges remotely...

CVSS 7.5, AI score 5.4, EPSS 0.01477
Exploits: 0, References: 5, Affected Software: 1