3 matches found
UBUNTU-CVE-2023-5631
Roundcube before 1.4.15, 1.5.x before 1.5.5, and 1.6.x before 1.6.4 allows stored XSS via an HTML e-mail message with a crafted SVG document because of program/lib/Roundcube/rcubewashtml.php behavior. This could allow a remote attacker to load arbitrary JavaScript code...
UBUNTU-CVE-2020-26258
XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.15, a Server-Side Forgery Request vulnerability can be activated when unmarshalling. The vulnerability may allow a remote attacker to request data from internal resources that are not publicly...
PT-2020-6136 · Thornton Rose +3 · Xstream +3
Name of the Vulnerable Software and Affected Versions: XStream versions prior to 1.4.15 Description: The issue is related to a Server-Side Forgery Request vulnerability in XStream, a Java library used to serialize objects to XML and back again. This vulnerability can be activated when unmarshalli...