5 matches found
openSUSE Security Update : roundcubemail (openSUSE-2017-355)
This update to roundcubemail 1.1.8 fixes security issues and bugs. The following vulnerability was fixed : - CVE-2017-6820: XSS issue in handling of a style tag inside of an svg element boo1029035 The following bugs were fixed : - bug where mail content frame couldn't be reset in some corner case...
Roundcube mail body of the stored cross site Vulnerability(CVE-2017-6820)
Author: Badcode, sebao know Chong Yu 404 security lab Date: 2017-03-17 0x00 vulnerability overview 1. Vulnerability description Roundcube is a widely used open source e-mail program, in the globe there are many organizations and companies are in use. On the server to successfully install...
CVE-2017-6820
rcubeutils.php in Roundcube before 1.1.8 and 1.2.x before 1.2.4 is susceptible to a cross-site scripting vulnerability via a crafted Cascading Style Sheets CSS token sequence within an SVG element...
CVE-2017-6820
CVE-2017-6820 affects Roundcube’s webmail software via rcube_utils.php. The vulnerability is a cross-site scripting (XSS) flaw caused by a crafted CSS token sequence inside an SVG element, impacting Roundcube versions before 1.1.8 and 1.2.x before 1.2.4. Exploitation details indicate a remote att...
CVE-2017-6820
rcubeutils.php in Roundcube before 1.1.8 and 1.2.x before 1.2.4 is susceptible to a cross-site scripting vulnerability via a crafted Cascading Style Sheets CSS token sequence within an SVG element...