17 matches found
Mageia: Security Advisory (MGASA-2020-0481)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Security update for roundcubemail (important)
openSUSE Security Update: Security update for roundcubemail Announcement ID: openSUSE-SU-2021:1014-1 Rating: important References: 1180399 1187706 1187707 Cross-References: CVE-2020-18670 CVE-2020-18671 CVE-2020-35730 CVSS scores: CVE-2020-18670 NVD : 5.4...
OPENSUSE-SU-2021:0974-1 Security update for roundcubemail
This update for roundcubemail fixes the following issues: Upgrade to version 1.3.16 This is a security update to the LTS version 1.3. It fixes a recently reported stored cross-site scripting XSS vulnerability via HTML or plain text messages with malicious content. References: - CVE-2020-18670:...
Security update for roundcubemail (important)
openSUSE Security Update: Security update for roundcubemail Announcement ID: openSUSE-SU-2021:0974-1 Rating: important References: 1180399 1187706 1187707 Cross-References: CVE-2020-18670 CVE-2020-18671 CVE-2020-35730 CVSS scores: CVE-2020-18670 NVD : 5.4...
Security update for roundcubemail (important)
openSUSE Security Update: Security update for roundcubemail Announcement ID: openSUSE-SU-2021:0942-1 Rating: important References: 1180399 1187706 1187707 Cross-References: CVE-2020-18670 CVE-2020-18671 CVE-2020-35730 CVSS scores: CVE-2020-18670 NVD : 5.4...
openSUSE: Security Advisory for roundcubemail (openSUSE-SU-2021:0931-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Security update for roundcubemail (important)
openSUSE Security Update: Security update for roundcubemail Announcement ID: openSUSE-SU-2021:0931-1 Rating: important References: 1180399 1187706 1187707 Cross-References: CVE-2020-18670 CVE-2020-18671 CVE-2020-35730 CVSS scores: CVE-2020-35730 NVD : 6.1...
Fedora 33 : roundcubemail (2021-73359af51c)
The remote Fedora 33 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2021-73359af51c advisory. - An XSS issue was discovered in Roundcube Webmail before 1.2.13, 1.3.x before 1.3.16, and 1.4.x before 1.4.10. The attacker can send a plain text...
[ASA-202101-2] roundcubemail: cross-site scripting
Arch Linux Security Advisory ASA-202101-2 ========================================= Severity: High Date : 2021-01-04 CVE-ID : CVE-2020-35730 Package : roundcubemail Type : cross-site scripting Remote : Yes Link : https://security.archlinux.org/AVG-1388 Summary ======= The package roundcubemail...
Updated roundcubemail package fixes security vulnerability
Fixes stored cross-site scripting XSS vulnerability via HTML or plain text messages with malicious content. CVE-2020-35730...
MGASA-2020-0481 Updated roundcubemail package fixes security vulnerability
Fixes stored cross-site scripting XSS vulnerability via HTML or plain text messages with malicious content. CVE-2020-35730...
Debian DSA-4821-1 : roundcube - security update
Alex Birnberg discovered that roundcube, a skinnable AJAX based webmail solution for IMAP servers, is prone to a cross-site scripting vulnerability in handling HTML or Plain text messages with malicious content. C Tenable Network Security, Inc. The descriptive text and package checks in this plug...
CVE-2020-35730
creationtimestamp| type| source ---|---|--- 2020-12-28 22:28:59+00:00| seen| https://t.me/cibsecurity/21370 2023-06-22 18:10:03+00:00| seen| MISP/3c19819c-1dac-4ef2-bfed-be5efa7e0123 2023-06-28 19:04:46+00:00| seen| https://t.me/itsecnews/2805 2023-12-03 17:36:28+00:00| seen|...
CVE-2020-35730
Roundcube Webmail contains a cross-site scripting (XSS) vulnerability in rcube_string_replacer.php (linkref_addindex). An attacker can embed JavaScript in a plain-text email link reference, leading to script execution in the victim’s browser. Affected: Roundcube <1.2.13, <1.3.16 for 1.3.x, ...
[SECURITY] [DSA 4821-1] roundcube security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4821-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso December 28, 2020 https://www.debian.org/security/faq -...
[SECURITY] [DLA 2508-1] roundcube security update
----------------------------------------------------------------------- Debian LTS Advisory DLA-2508-1 [email protected] https://www.debian.org/lts/security/ Utkarsh Gupta December 28, 2020 https://wiki.debian.org/LTS -...
CVE-2020-35730
An XSS issue was discovered in Roundcube Webmail before 1.2.13, 1.3.x before 1.3.16, and 1.4.x before 1.4.10. The attacker can send a plain text e-mail message, with JavaScript in a link reference element that is mishandled by linkrefaddindex in rcubestringreplacer.php. Recent assessments: Assess...