Ubuntu: Security Advisory (USN-8097-2)

The remote host is missing an update for the SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS : Roundcube Webmail vulnerabilities (USN-8097-1)

The remote Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-8097-1 advisory. It was discovered that Roundcube Webmail did not properly sanitize the animate tag within SVG documents. An attacker could...

USN-8097-1 roundcube vulnerabilities

It was discovered that Roundcube Webmail did not properly sanitize the animate tag within SVG documents. An attacker could possibly use this issue to cause a cross-site scripting attack...

USN-8097-1: Roundcube Webmail vulnerabilities

It was discovered that Roundcube Webmail did not properly sanitize the animate tag within SVG documents. An attacker could possibly use this issue to cause a cross-site scripting attack...

RoundCube Webmail Cross-site Scripting Vulnerability

RoundCube Webmail contains a cross-site scripting vulnerability via the animate tag in an SVG document...

VulnCheck KEV: CVE-2025-68461

Roundcube Webmail before 1.5.12 and 1.6 before 1.6.12 is prone to a Cross-Site-Scripting XSS vulnerability via the animate tag in an SVG document...

Updated roundcubemail packages fix security vulnerabilities

Fix Cross-Site-Scripting vulnerability via SVG's animate tag reported by Valentin T., CrowdStrike. Fix Information Disclosure vulnerability in the HTML style sanitizer reported by somerandomdev...

Exploit for CVE-2025-68461

CVE-2025-68461 Roundcube Webmail before 1.5.12 and 1.6 befor...

SUSE CVE-2025-68461

Roundcube Webmail before 1.5.12 and 1.6 before 1.6.12 is prone to a Cross-Site-Scripting XSS vulnerability via the animate tag in an SVG document...

Debian dsa-6087 : roundcube - security update

The remote Debian 12 / 13 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-6087 advisory. - ------------------------------------------------------------------------- Debian Security Advisory DSA-6087-1 [email protected]...

EUVD-2025-204035

Roundcube Webmail before 1.5.12 and 1.6 before 1.6.12 is prone to a Cross-Site-Scripting XSS vulnerability via the animate tag in an SVG document...

CVE-2025-68461

Roundcube Webmail before 1.5.12 and 1.6 before 1.6.12 is prone to a Cross-Site-Scripting XSS vulnerability via the animate tag in an SVG document...

CVE-2025-68461

Roundcube Webmail before 1.5.12 and 1.6 before 1.6.12 is prone to a Cross-Site-Scripting XSS vulnerability via the animate tag in an SVG document...

CVE-2025-68461

Roundcube Webmail before 1.5.12 and 1.6 before 1.6.12 is prone to a Cross-Site-Scripting XSS vulnerability via the animate tag in an SVG document...

UBUNTU-CVE-2025-68461

Roundcube Webmail before 1.5.12 and 1.6 before 1.6.12 is prone to a Cross-Site-Scripting XSS vulnerability via the animate tag in an SVG document...

CVE-2025-68461

CVE-2025-68461 affects Roundcube Webmail: cross-site scripting via the animate element in an SVG document, impacting Roundcube Webmail < 1.6.12 and

Cross-site Scripting (XSS)

Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS in the handling of SVG documents, specifically when processing the animate tag. An attacker can execute arbitrary scripts in the context of the victim's webmail session by tricking a user into opening an email...

CVE-2025-68461

Roundcube Webmail before 1.5.12 and 1.6 before 1.6.12 is prone to a Cross-Site-Scripting XSS vulnerability via the animate tag in an SVG document...

CVE-2025-68461

Roundcube Webmail before 1.5.12 and 1.6 before 1.6.12 is prone to a Cross-Site-Scripting XSS vulnerability via the animate tag in an SVG document...

Roundcube Webmail 跨站脚本漏洞

Roundcube Webmail is an open source browser-based open source IMAP client from Roundcube that supports address book management, message searching, spell checking, and more. A cross-site scripting vulnerability exists in Roundcube Webmail versions prior to 1.5.12 and 1.6.12 prior to 1.6.12, which...