2031 matches found
Cross-Site Scripting (XSS)
Roundcube is vulnerable to Cross-Site Scripting (XSS). The vulnerability is due to a Content-Type or Content-Disposition header. An attacker could modify it with a malicious Content-Type, which leads to cross-site scripting...
SUSE CVE-2023-47272
Roundcube 1.5.x before 1.5.6 and 1.6.x before 1.6.5 allows XSS via a Content-Type or Content-Disposition header used for attachment preview or download...
CVE-2023-47272
Roundcube 1.5.x before 1.5.6 and 1.6.x before 1.6.5 allows XSS via a Content-Type or Content-Disposition header used for attachment preview or download...
DEBIAN-CVE-2023-47272
Roundcube 1.5.x before 1.5.6 and 1.6.x before 1.6.5 allows XSS via a Content-Type or Content-Disposition header used for attachment preview or download...
UBUNTU-CVE-2023-47272
Roundcube 1.5.x before 1.5.6 and 1.6.x before 1.6.5 allows XSS via a Content-Type or Content-Disposition header used for attachment preview or download...
Design/Logic Flaw
Roundcube 1.5.x before 1.5.6 and 1.6.x before 1.6.5 allows XSS via a Content-Type or Content-Disposition header used for attachment preview or download...
Vulnerability fixed in Roundcube Webmail
Roundcube has fixed a vulnerability in Roundcube Webmail. A malicious party could exploit the vulnerability to perform a cross-site scripting attack. Such an attack can lead to execution of arbitrary code in the context of the victim's browser, or access to sensitive data within the...
PT-2023-6963 · Roundcube +3
Name of the Vulnerable Software and Affected Versions: Roundcube versions 1.5.x through 1.5.5; Roundcube versions 1.6.x through 1.6.4. Description: The issue is related to improper input neutralization during web page creation, which can lead to cross-site scripting (XSS) attacks via a Content-Type o...
Roundcube Cross-Site Scripting Vulnerability
Roundcube Webmail is an open source browser-based IMAP client that supports address book management, message searching, spell checking, and more. A cross-site scripting vulnerability exists in Roundcube versions prior to 1.5.6, 1.6.5, and 1.6.5, which originates from allowing cross-site scripting...
Fedora: Security Advisory (FEDORA-2023-735ee6d4e1)
The remote host is missing an update for the...
CVE-2023-47272
CVE-2023-47272 affects Roundcube Webmail (1.5.x before 1.5.6 and 1.6.x before 1.6.5). The underlying issue is improper handling of header values (Content-Type/Content-Disposition) when processing attachments, enabling a cross-site scripting (XSS) vulnerability via attachment preview or download. ...
[SECURITY] Fedora 39 Update: roundcubemail-1.6.4-1.fc39
RoundCube Webmail is a browser-based multilingual IMAP client with an application-like user interface. It provides full functionality you expect from an e-mail client, including MIME support, address book, folder manipulation, message searching and spell checking. RoundCube Webmail is written in...
OPENSUSE-SU-2023:0345-1 Security update for roundcubemail
This update for roundcubemail fixes the following issues: Update to version 1.6.4 (boo1216429): CVE-2023-5631: Fix cross-site scripting vulnerability in handling of SVG in HTML messages; Fix PHP8 warnings; Fix default 'mime.types' path on Windows; Managesieve: Fix javascript error when relational or...
Attacks, Vulnerabilities and Actors 23 October to 29 October 2023
Summary: HiveForce Labs has recently made several significant discoveries related to cybersecurity threats. Over the past week, we identified a total of seven executed attacks, two instances of adversary activity, and three exploited...
Winter Vivern Capitalizes on Zero-Day Flaw in Roundcube
Summary: The Winter Vivern cyberespionage group has been actively exploiting a zero-day vulnerability in the Roundcube webmail. The identified vulnerability, CVE-2023-5631, permits stored cross-site scripting...