2031 matches found

UbuntuCve
added 2023/10/20 12:0 a.m. · 30 views

CVE-2023-46267

Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2023-5631. Reason: This candidate is a duplicate of CVE-2023-5631. Notes: All CVE users should reference CVE-2023-5631 instead of this candidate. All references and descriptions in this candidate have been removed to prevent...

5.9 AI score
Exploits: 1 · References: 7

Veracode
added 2023/10/19 4:33 a.m. · 40 views

Cross-site Scripting (XSS)

roundcube is vulnerable to Cross-site Scripting (XSS). This vulnerability allows an attacker to inject malicious code into a user's web browser, which could then be executed when the user views a specially crafted email...

6.1 CVSS · 6.4 AI score · 0.70879 EPSS
Exploits: 2 · References: 16 · Affected Software: 1

Positive Technologies
added 2023/10/19 12:0 a.m. · 4 views

PT-2023-29938 · Roundcube · Roundcube

Name of the Vulnerable Software and Affected Versions: Roundcube versions 1.4.x through 1.4.14, Roundcube versions 1.5.x through 1.5.4, Roundcube versions 1.6.x through 1.6.3. Description: The issue allows for XSS via a text/html e-mail message containing an SVG image with a USE element. This is...

5.5 AI score
Exploits: 1 · References: 12

OpenVAS
added 2023/10/19 12:0 a.m. · 21 views

Roundcube Webmail < 1.4.15, 1.5.x < 1.5.5, 1.6.x < 1.6.4 XSS Vulnerability

Roundcube Webmail is prone to a cross-site scripting (XSS) vulnerability. SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

6.1 CVSS · 5.5 AI score · 0.70879 EPSS
Exploits: 2 · References: 8

OSV
added 2023/10/18 3:15 p.m. · 42 views

CVE-2023-5631

Roundcube before 1.4.15, 1.5.x before 1.5.5, and 1.6.x before 1.6.4 allows stored XSS via an HTML e-mail message with a crafted SVG document because of program/lib/Roundcube/rcube_washtml.php behavior. This could allow a remote attacker to load arbitrary JavaScript code...

5.4 CVSS · 5.5 AI score · 0.70879 EPSS
Exploits: 2 · References: 16

OSV
added 2023/10/18 3:15 p.m. · 2 views

DEBIAN-CVE-2023-5631

Roundcube before 1.4.15, 1.5.x before 1.5.5, and 1.6.x before 1.6.4 allows stored XSS via an HTML e-mail message with a crafted SVG document because of program/lib/Roundcube/rcube_washtml.php behavior. This could allow a remote attacker to load arbitrary JavaScript code...

5.4 CVSS · 5.9 AI score · 0.70879 EPSS
Exploits: 2 · References: 1

NVD
added 2023/10/18 3:15 p.m. · 27 views

CVE-2023-5631

Roundcube before 1.4.15, 1.5.x before 1.5.5, and 1.6.x before 1.6.4 allows stored XSS via an HTML e-mail message with a crafted SVG document because of program/lib/Roundcube/rcube_washtml.php behavior. This could allow a remote attacker to load arbitrary JavaScript code...

6.1 CVSS · 5.9 AI score · 0.70879 EPSS
Exploits: 2 · References: 16

Prion
added 2023/10/18 3:15 p.m. · 33 views

Cross site scripting

Roundcube before 1.4.15, 1.5.x before 1.5.5, and 1.6.x before 1.6.4 allows stored XSS via an HTML e-mail message with a crafted SVG document because of program/lib/Roundcube/rcube_washtml.php behavior. This could allow a remote attacker to load arbitrary JavaScript code...

4.9 CVSS · 5.4 AI score · 0.70879 EPSS
Exploits: 2 · References: 15 · Affected Software: 3

UbuntuCve
added 2023/10/18 3:15 p.m. · 146 views

CVE-2023-5631

Roundcube before 1.4.15, 1.5.x before 1.5.5, and 1.6.x before 1.6.4 allows stored XSS via an HTML e-mail message with a crafted SVG document because of program/lib/Roundcube/rcube_washtml.php behavior. This could allow a remote attacker to load arbitrary JavaScript code...

6.1 CVSS · 6.4 AI score · 0.70879 EPSS
Exploits: 2 · References: 8

OSV
added 2023/10/18 3:15 p.m. · 0 views

UBUNTU-CVE-2023-5631

Roundcube before 1.4.15, 1.5.x before 1.5.5, and 1.6.x before 1.6.4 allows stored XSS via an HTML e-mail message with a crafted SVG document because of program/lib/Roundcube/rcube_washtml.php behavior. This could allow a remote attacker to load arbitrary JavaScript code...

6.1 CVSS · 6.3 AI score · 0.70879 EPSS
Exploits: 2 · References: 9

Vulnrichment
added 2023/10/18 2:51 p.m. · 5 views

CVE-2023-5631 Stored XSS vulnerability in Roundcube

Roundcube before 1.4.15, 1.5.x before 1.5.5, and 1.6.x before 1.6.4 allows stored XSS via an HTML e-mail message with a crafted SVG document because of program/lib/Roundcube/rcube_washtml.php behavior. This could allow a remote attacker to load arbitrary JavaScript code...

6.1 CVSS · 5.6 AI score · 0.70879 EPSS
Exploits: 2 · References: 15

Cvelist
added 2023/10/18 2:51 p.m. · 39 views

CVE-2023-5631 Stored XSS vulnerability in Roundcube

Roundcube before 1.4.15, 1.5.x before 1.5.5, and 1.6.x before 1.6.4 allows stored XSS via an HTML e-mail message with a crafted SVG document because of program/lib/Roundcube/rcube_washtml.php behavior. This could allow a remote attacker to load arbitrary JavaScript code...

6.1 CVSS · 6.2 AI score · 0.70879 EPSS
Exploits: 2 · References: 15

CVE
added 2023/10/18 2:51 p.m. · 485 views

CVE-2023-5631

CVE-2023-5631 affects Roundcube Webmail. The issue is a stored XSS via an HTML e-mail message containing a crafted SVG, caused by logic in Roundcube’s rcube_washtml.php. Affected versions are Roundcube before 1.4.15, 1.5.x before 1.5.5, and 1.6.x before 1.6.4. Successful exploitation could allow ...

6.1 CVSS · 5.7 AI score · 0.70879 EPSS
In wild · Exploits: 2 · References: 16 · Affected Software: 1

Debian CVE
added 2023/10/18 2:51 p.m. · 58 views

CVE-2023-5631

Roundcube before 1.4.15, 1.5.x before 1.5.5, and 1.6.x before 1.6.4 allows stored XSS via an HTML e-mail message with a crafted SVG document because of program/lib/Roundcube/rcube_washtml.php behavior. This could allow a remote attacker to load arbitrary JavaScript code...

6.1 CVSS · 5.6 AI score · 0.70879 EPSS
Exploits: 2

CNNVD
added 2023/10/18 12:0 a.m. · 4 views

Roundcube Webmail Cross-Site Scripting Vulnerability

Roundcube Webmail is an open source browser-based IMAP client that supports address book management, message searching, spell checking, and more. A cross-site scripting vulnerability exists in Roundcube Webmail versions prior to 1.4.15, 1.5.5, and 1.6.4, which stems from a security issue in...

6.1 CVSS · 6.1 AI score · 0.70879 EPSS
Exploits: 2 · References: 18

ATTACKERKB
added 2023/10/18 12:0 a.m. · 31 views

CVE-2023-5631

Roundcube before 1.4.15, 1.5.x before 1.5.5, and 1.6.x before 1.6.4 allows stored XSS via an HTML e-mail message with a crafted SVG document because of program/lib/Roundcube/rcube_washtml.php behavior. This could allow a remote attacker to load arbitrary JavaScript code. Recent assessments: Assess...

6.1 CVSS · 5.9 AI score · 0.70879 EPSS
In wild · Exploits: 2 · References: 16

Tenable Nessus
added 2023/10/18 12:0 a.m. · 8 views

FreeBSD : Roundcube -- XSS vulnerability in SVG (d2ad7647-6dd9-11ee-85eb-84a93843eb75)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the d2ad7647-6dd9-11ee-85eb-84a93843eb75 advisory. - The Roundcube project reports: cross-site scripting (XSS) vulnerability in handling of SVG in HTML...

5.2 AI score
Exploits: 0 · References: 2

FreeBSD
added 2023/10/16 12:0 a.m. · 13 views

Roundcube -- XSS vulnerability in SVG

The Roundcube project reports: cross-site scripting (XSS) vulnerability in handling of SVG in HTML messages...

6.2 AI score
Exploits: 0 · References: 1

Tenable Nessus
added 2023/10/16 12:0 a.m. · 40 views

Ubuntu 16.04 ESM / 18.04 ESM / 20.04 ESM / 22.04 ESM : Roundcube Webmail vulnerabilities (USN-5182-1)

The remote Ubuntu 16.04 ESM / 18.04 ESM / 20.04 ESM / 22.04 ESM host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-5182-1 advisory. It was discovered that Roundcube Webmail allowed JavaScript code to be present in the CDATA of an HTML message. A...

9.8 CVSS · 8 AI score · 0.84456 EPSS
Exploits: 7 · References: 13

Veracode
added 2023/10/08 7:30 p.m. · 24 views

Cross-site Scripting (XSS)

roundcube is vulnerable to Cross-site Scripting (XSS). The vulnerability is found in the text/plain email messages section within rcubestringreplacer.php, enabling an attacker to inject and execute malicious JavaScript through maliciously crafted links...

6.1 CVSS · 6.5 AI score · 0.56895 EPSS
Exploits: 2 · References: 4 · Affected Software: 1