Roundcube Webmail Security Vulnerability
Roundcube Webmail is an open source browser-based IMAP client that supports address book management, message searching, spell checking and more. A security vulnerability exists in Roundcube Webmail versions prior to 1.5.7, 1.6.x through 1.6.7, which originated from allowing cross-site scripting...
Roundcube Webmail Security Vulnerability
Roundcube Webmail is an open source browser-based IMAP client that supports address book management, message searching, spell checking and more. A security vulnerability exists in Roundcube Webmail versions prior to 1.5.7, 1.6.x through 1.6.7, which originates from allowing cross-site scripting...
Roundcube Webmail Security Vulnerability
Roundcube Webmail is an open source browser-based IMAP client that supports address book management, message searching, spell checking and more. A security vulnerability exists in Roundcube Webmail versions prior to 1.5.7, 1.6.x through 1.6.7, which stems from a command injection attack allowed v...
CVE-2024-37384
Roundcube Webmail before 1.5.7 and 1.6.x before 1.6.7 allows XSS via list columns from user preferences...
CVE-2024-37383
Roundcube Webmail before 1.5.7 and 1.6.x before 1.6.7 allows XSS via SVG animate attributes. Recent assessments: Assessed Attacker Value: 0...
CVE-2024-37383
CVE-2024-37383 affects Roundcube Webmail: an XSS caused by improper handling of SVG animate attributes in messages. Affected versions are Roundcube Webmail before 1.5.7 and 1.6.x before 1.6.7. Public details include a stored XSS instance reported for Roundcube 1.6.6 (Exploit-DB). Debian advisorie...
CVE-2024-37384
Roundcube Webmail before 1.5.7 and 1.6.x before 1.6.7 allows XSS via list columns from user preferences...
CVE-2024-37383
Roundcube Webmail before 1.5.7 and 1.6.x before 1.6.7 allows XSS via SVG animate attributes...
PT-2024-4339
Name of the Vulnerable Software and Affected Versions: Roundcube Webmail versions 1.5.0 through 1.5.6; Roundcube Webmail versions 1.6.0 through 1.6.6. Description: The issue is related to an incomplete fix for a previous problem and allows command injection via im_convert_path and im_identify_path...
[SECURITY] Fedora 39 Update: roundcubemail-1.6.7-1.fc39
RoundCube Webmail is a browser-based multilingual IMAP client with an application-like user interface. It provides full functionality you expect from an e-mail client, including MIME support, address book, folder manipulation, message searching and spell checking. RoundCube Webmail is written in...
[SECURITY] Fedora 40 Update: roundcubemail-1.6.7-1.fc40
RoundCube Webmail is a browser-based multilingual IMAP client with an application-like user interface. It provides full functionality you expect from an e-mail client, including MIME support, address book, folder manipulation, message searching and spell checking. RoundCube Webmail is written in...
MGASA-2024-0193 Updated roundcubemail packages fix security vulnerabilities
This is a security update to the stable version 1.6 of Roundcube Webmail. Fix cross-site scripting (XSS) vulnerability in handling SVG animate attributes. Reported by Valentin T. and Lutz Wolf of CrowdStrike. Fix cross-site scripting (XSS) vulnerability in handling list columns from user preferences...
PT-2024-41052 · Unknown · Roundcube Webmail
Name of the Vulnerable Software and Affected Versions: Roundcube Webmail versions 1.6.x. Description: The issue concerns several security problems, including cross-site scripting (XSS) vulnerabilities in handling SVG animate attributes and list columns from user preferences, as well as a command...
FreeBSD : Roundcube -- Cross-site scripting vulnerabilities (e020b0fd-1751-11ef-a490-84a93843eb75)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the e020b0fd-1751-11ef-a490-84a93843eb75 advisory. The Roundcube project reports: cross-site scripting (XSS) vulnerability in handling SVG animate attribute...
PT-2024-4655
Name of the Vulnerable Software and Affected Versions: Roundcube Webmail versions prior to 1.5.7 and 1.6.x prior to 1.6.7. Description: The issue is related to a stored cross-site scripting vulnerability in the Roundcube webmail software, allowing an attacker to execute JavaScript code on the user...
PT-2024-4656 · Unknown +3 · Roundcube Webmail +3
Name of the Vulnerable Software and Affected Versions: Roundcube Webmail versions 1.5.0 through 1.5.6; Roundcube Webmail versions 1.6.0 through 1.6.6. Description: The issue is related to insufficient protection of the web page structure in Roundcube Webmail, allowing a remote attacker to conduct...
Roundcube -- Cross-site scripting vulnerabilities
The Roundcube project reports: cross-site scripting (XSS) vulnerability in handling SVG animate attributes; cross-site scripting (XSS) vulnerability in handling list columns from user preferences...
BIT-ROUNDCUBE-2020-12626
An issue was discovered in Roundcube Webmail before 1.4.4. A CSRF attack can cause an authenticated user to be logged out because POST was not considered...
BIT-ROUNDCUBE-2020-12640
Roundcube Webmail before 1.4.4 allows attackers to include local files and execute code via directory traversal in a plugin name to rcube_plugin_api.php...
BIT-ROUNDCUBE-2020-12641
rcube_image.php in Roundcube Webmail before 1.4.4 allows attackers to execute arbitrary code via shell metacharacters in a configuration setting for im_convert_path or im_identify_path...