VulnCheck KEV: CVE-2020-13965
Roundcube Webmail contains a cross-site scripting (XSS) vulnerability that allows a remote attacker to manipulate data via a malicious XML attachment...
Ubuntu: Security Advisory (USN-6848-1)
The remote host is missing an update for the...
Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 23.10 : Roundcube vulnerabilities (USN-6848-1)
The remote Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 23.10 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6848-1 advisory. Matthieu Faou and Denys Klymenko discovered that Roundcube incorrectly handled certain SVG images. A remote...
Roundcube Webmail Cross-Site Scripting (XSS) Vulnerability
Roundcube Webmail contains a cross-site scripting (XSS) vulnerability that allows a remote attacker to manipulate data via a malicious XML attachment...
USN-6848-1 roundcube vulnerabilities
Matthieu Faou and Denys Klymenko discovered that Roundcube incorrectly handled certain SVG images. A remote attacker could possibly use this issue to load arbitrary JavaScript code. This issue only affected Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, Ubuntu 22.04 LTS and Ubuntu 23.10. CVE-2023-5631 Rene...
USN-6848-1: Roundcube vulnerabilities
Matthieu Faou and Denys Klymenko discovered that Roundcube incorrectly handled certain SVG images. A remote attacker could possibly use this issue to load arbitrary JavaScript code. This issue only affected Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, Ubuntu 22.04 LTS and Ubuntu 23.10. CVE-2023-5631 Rene...
[SECURITY] [DSA 5714-1] roundcube security update
Debian Security Advisory DSA-5714-1 https://www.debian.org/security/ Sebastien Delafond June 18, 2024 https://www.debian.org/security/faq...
PT-2024-5574
Name of the Vulnerable Software and Affected Versions: Roundcube versions 1.5.7 and earlier, 1.6.x through 1.6.7. Description: The issue exists due to inadequate protection of the web page structure in the rcmail_action_mail_get->run() function of the Roundcube Webmail client. Exploitation of this issu...
PT-2024-5497
Name of the Vulnerable Software and Affected Versions: Roundcube versions prior to 1.5.8; Roundcube versions 1.6.0 through 1.6.7; Roundcube versions prior to 1.6.8; Roundcube versions prior to 1.4.15+dfsg.1-1+deb11u4 (Bullseye); Roundcube versions prior to 1.6.5+dfsg-1+deb12u3 (Bookworm); Roundcube version...
ROS-20240618-01
A vulnerability in the SVG Handler component of the RoundCube email client is related to cross-site scripting attacks. Exploitation of the vulnerability could allow an attacker acting remotely to exploit XSS via the SVG animation attributes. Vulnerability in the User Preferences Handler component...
DSA-5714-1 roundcube - security update
Bulletin has no description...
Debian dsa-5714 : roundcube - security update
The remote Debian 11 / 12 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5714 advisory. Debian Security Advisory DSA-5714-1...
[SECURITY] [DLA 3835-1] roundcube security update
Debian LTS Advisory DLA-3835-1 https://www.debian.org/lts/security/ Guilhem Moulin June 17, 2024 https://wiki.debian.org/LTS Package: roundcube; Version: 1.3.17+dfsg.1-1deb10u6; CVE ID: CVE-2024-37383 CVE-2024-37384; Debian Bug: 1071474. Cross-site scripting (XSS)...
DLA-3835-1 roundcube - security update
Bulletin has no description...
Debian dla-3835 : roundcube - security update
The remote Debian 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-3835 advisory. Debian LTS Advisory DLA-3835-1...
ROS-20240613-03
A vulnerability in the program/lib/Roundcube/rcube_string_replacer.php component of the RoundCube Webmail mail client exists due to a failure to take measures to protect the structure of the web page. Exploitation of the vulnerability could allow a remote attacker to conduct a cross-site scripting (XSS) attack...
SUSE CVE-2024-37383
Roundcube Webmail before 1.5.7 and 1.6.x before 1.6.7 allows XSS via SVG animate attributes...
SUSE CVE-2024-37384
Roundcube Webmail before 1.5.7 and 1.6.x before 1.6.7 allows XSS via list columns from user preferences...
SUSE CVE-2024-37385
Roundcube Webmail before 1.5.7 and 1.6.x before 1.6.7 on Windows allows command injection via im_convert_path and im_identify_path. NOTE: this issue exists because of an incomplete fix for CVE-2020-12641...
Vulnerabilities fixed in RoundCube Webmail
RoundCube has fixed vulnerabilities in RoundCube Webmail. A malicious party could exploit the vulnerabilities to launch a Cross-Site Scripting attack. Such an attack can lead to execution of arbitrary code in the victim's browser and potentially access sensitive data in the context of the victim'...