Vulnerability fixed in Roundcube Webmail
Roundcube has fixed a vulnerability in Roundcube Webmail. A malicious party could exploit the vulnerability to launch a Stored Cross-Site Scripting attack. Such an attack can lead to execution of arbitrary code in the browser of the victim and access to sensitive data in the context of the victim's...
ROS-20231025-01
A vulnerability in the program/lib/Roundcube/rcube_washtml.php component of the RoundCube mail client is related to a failure to take measures to protect the structure of the web page. Exploitation of the vulnerability could allow an attacker, acting remotely, to download arbitrary JavaScript code...
Roundcube Webmail Persistent Cross-Site Scripting (XSS) Vulnerability
Roundcube Webmail contains a persistent cross-site scripting XSS vulnerability that allows a remote attacker to run malicious JavaScript code...
The vulnerability in the library program/lib/Roundcube/rcube_washtml.php of the RoundCube Webmail client allows a malicious user to execute arbitrary JavaScript code.
The vulnerability of the library program/lib/Roundcube/rcube_washtml.php of the RoundCube Webmail client exists because no measures have been taken to protect the structure of the web page. Exploiting this vulnerability could allow a malicious actor to execute arbitrary JavaScript code through a...
Fedora: Security Advisory for roundcubemail (FEDORA-2023-562e77957f)
The remote host is missing an update for the...
Nation State Hackers Exploiting Zero-Day in Roundcube Webmail Software
The threat actor known as Winter Vivern has been observed exploiting a zero-day flaw in Roundcube webmail software on October 11, 2023, to harvest email messages from victims' accounts. "Winter Vivern has stepped up its operations by using a zero-day vulnerability in Roundcube," ESET security...
APT Winter Vivern Exploits New Roundcube 0-Day to Target European Entities
By Waqas. ESET Research Uncovers New Targeted Campaign Impacting European Governments and Think Tanks. This is a post from HackRead.com. Read the original post: APT Winter Vivern Exploits New Roundcube 0-Day to Target European Entities...
BIT-2023-5631
Roundcube before 1.4.15, 1.5.x before 1.5.5, and 1.6.x before 1.6.4 allows stored XSS via an HTML e-mail message with a crafted SVG document because of program/lib/Roundcube/rcube_washtml.php behavior. This could allow a remote attacker to load arbitrary JavaScript code...
[SECURITY] Fedora 38 Update: roundcubemail-1.6.4-1.fc38
RoundCube Webmail is a browser-based multilingual IMAP client with an application-like user interface. It provides full functionality you expect from an e-mail client, including MIME support, address book, folder manipulation, message searching and spell checking. RoundCube Webmail is written in...
[SECURITY] Fedora 37 Update: roundcubemail-1.6.4-1.fc37
RoundCube Webmail is a browser-based multilingual IMAP client with an application-like user interface. It provides full functionality you expect from an e-mail client, including MIME support, address book, folder manipulation, message searching and spell checking. RoundCube Webmail is written in...
VulnCheck KEV: CVE-2023-5631
Roundcube Webmail contains a persistent cross-site scripting XSS vulnerability that allows a remote attacker to run malicious JavaScript code...
Debian: Security Advisory (DLA-3630-1)
The remote host is missing an update for the Debian...
[SECURITY] [DLA 3630-1] roundcube security update
Debian LTS Advisory DLA-3630-1 [email protected] https://www.debian.org/lts/security/ Guilhem Moulin October 24, 2023 https://wiki.debian.org/LTS Package : roundcube Version : 1.3.17+dfsg.1-1deb10u4 CVE ID : CVE-2023-5631 Debian Bug : 1054079 Denys Klymenko discovered a cross-site...
DLA-3630-1 roundcube - security update
Bulletin has no description...
Debian dla-3630 : roundcube - security update
The remote Debian 10 host has packages installed that are affected by a vulnerability as referenced in the dla-3630 advisory. Debian LTS Advisory DLA-3630-1 [email protected] https://www.debian.org/lts/security/...
Debian: Security Advisory (DSA-5531-1)
The remote host is missing an update for the Debian...
[SECURITY] [DSA 5531-1] roundcube security update
Debian Security Advisory DSA-5531-1 [email protected] https://www.debian.org/security/ Sebastien Delafond October 23, 2023 https://www.debian.org/security/faq...
Debian DSA-5531-1 : roundcube - security update
The remote Debian 11 / 12 host has packages installed that are affected by a vulnerability as referenced in the dsa-5531 advisory. It was discovered that roundcube, a skinnable AJAX based webmail solution for IMAP servers, did not properly sanitize HTML messages. This would allow an attacker to...
DSA-5531-1 roundcube - security update
Bulletin has no description...
SUSE CVE-2023-5631
Roundcube before 1.4.15, 1.5.x before 1.5.5, and 1.6.x before 1.6.4 allows stored XSS via an HTML e-mail message with a crafted SVG document because of program/lib/Roundcube/rcube_washtml.php behavior. This could allow a remote attacker to load arbitrary JavaScript code...