Lucene search
K

8 matches found

Check Point Advisories
Check Point Advisories
added 2022/09/18 12:0 a.m.22 views

Roundcube Webmail func.inc Cross-site Scripting (CVE-2018-19206)

A cross-site scripting vulnerability exists in Roundcube Webmail. The vulnerability is due to improper handling of a tag within HTML attachments. A remote attacker can exploit this vulnerability by enticing a user to open an attachment...

4.3CVSS1.4AI score0.60162EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2018/11/26 12:0 a.m.22 views

Debian DSA-4344-1 : roundcube - security update

Aidan Marlin discovered that roundcube, a skinnable AJAX based webmail solution for IMAP servers, is prone to a cross-site scripting vulnerability in handling invalid style tag content. C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from...

6.1CVSS5.9AI score0.60162EPSS
Exploits0References4
Debian
Debian
added 2018/11/24 8:51 p.m.22 views

[SECURITY] [DSA 4344-1] roundcube security update

------------------------------------------------------------------------- Debian Security Advisory DSA-4344-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso November 24, 2018 https://www.debian.org/security/faq -...

4.3CVSS0.9AI score0.60162EPSS
Exploits0
OpenVAS
OpenVAS
added 2018/11/19 12:0 a.m.44 views

Roundcube Webmail < 1.3.8 XSS Vulnerability

Roundcube Webmail is prone to a cross-site scripting XSS vulnerability. Copyright C 2018 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free...

6.1CVSS6AI score0.60162EPSS
Exploits0References1
OSV
OSV
added 2018/11/12 5:29 p.m.7 views

UBUNTU-CVE-2018-19206

steps/mail/func.inc in Roundcube before 1.3.8 has XSS via crafted use of , as demonstrated by an onload attribute in a BODY element, within an HTML attachment...

6.1CVSS6.7AI score0.60162EPSS
Exploits0References8
UbuntuCve
UbuntuCve
added 2018/11/12 5:29 p.m.20 views

CVE-2018-19206

steps/mail/func.inc in Roundcube before 1.3.8 has XSS via crafted use of , as demonstrated by an onload attribute in a BODY element, within an HTML attachment...

6.1CVSS6.7AI score0.60162EPSS
Exploits0References7
CVE
CVE
added 2018/11/12 5:0 p.m.109 views

CVE-2018-19206

CVE-2018-19206 affects Roundcube Webmail: a cross‑site scripting vulnerability in how HTML attachments are parsed, via crafted content that can execute when an onload attribute is used in a BODY tag. Affected are Roundcube versions before 1.3.8 (and, per Debian advisories, prior patches and rela...

6.1CVSS5.7AI score0.60162EPSS
Exploits0References3Affected Software1
Debian CVE
Debian CVE
added 2018/11/12 5:0 p.m.41 views

CVE-2018-19206

steps/mail/func.inc in Roundcube before 1.3.8 has XSS via crafted use of , as demonstrated by an onload attribute in a BODY element, within an HTML attachment...

6.1CVSS5.9AI score0.60162EPSS
Exploits0
Rows per page
Query Builder