14 matches found
CVE-2026-35544
A flaw was found in Roundcube Webmail. Insufficient sanitization of Cascading Style Sheets CSS in HTML email messages allows a remote attacker to bypass fixed-position mitigations. This can lead to a bypass of security controls designed to prevent certain types of attacks...
EUVD-2026-18591
An issue was discovered in Roundcube Webmail before 1.5.14 and 1.6.14. Insufficient Cascading Style Sheets CSS sanitization in HTML e-mail messages may lead to a fixed-position mitigation bypass via the use of !important...
GHSA-XPQH-GRPW-4XMG Roundcube Webmail: Insufficient CSS sanitization in HTML e-mail messages
An issue was discovered in Roundcube Webmail before 1.5.14 and 1.6.14. Insufficient Cascading Style Sheets CSS sanitization in HTML e-mail messages may lead to a fixed-position mitigation bypass via the use of !important...
Roundcube Webmail: Insufficient CSS sanitization in HTML e-mail messages
An issue was discovered in Roundcube Webmail before 1.5.14 and 1.6.14. Insufficient Cascading Style Sheets CSS sanitization in HTML e-mail messages may lead to a fixed-position mitigation bypass via the use of !important...
CVE-2026-35544
An issue was discovered in Roundcube Webmail before 1.5.14 and 1.6.14. Insufficient Cascading Style Sheets CSS sanitization in HTML e-mail messages may lead to a fixed-position mitigation bypass via the use of !important...
CVE-2026-35544
An issue was discovered in Roundcube Webmail before 1.5.14 and 1.6.14. Insufficient Cascading Style Sheets CSS sanitization in HTML e-mail messages may lead to a fixed-position mitigation bypass via the use of !important...
UBUNTU-CVE-2026-35544
An issue was discovered in Roundcube Webmail before 1.5.14 and 1.6.14. Insufficient Cascading Style Sheets CSS sanitization in HTML e-mail messages may lead to a fixed-position mitigation bypass via the use of !important...
CVE-2026-35544
An issue was discovered in Roundcube Webmail before 1.5.14 and 1.6.14. Insufficient Cascading Style Sheets CSS sanitization in HTML e-mail messages may lead to a fixed-position mitigation bypass via the use of !important...
CVE-2026-35544
An issue was discovered in Roundcube Webmail before 1.5.14 and 1.6.14. Insufficient Cascading Style Sheets CSS sanitization in HTML e-mail messages may lead to a fixed-position mitigation bypass via the use of !important...
CVE-2026-35544
CVE-2026-35544 affects Roundcube Webmail before 1.5.14 and 1.6.14. The issue is insufficient CSS sanitization in HTML emails, which may allow a fixed-position mitigation bypass via the use of !important. CVSS v3.1 base score 5.3 (Network, Low complexity, No privileges, No user interaction). The d...
CVE-2026-35544
An issue was discovered in Roundcube Webmail before 1.5.14 and 1.6.14. Insufficient Cascading Style Sheets CSS sanitization in HTML e-mail messages may lead to a fixed-position mitigation bypass via the use of !important...
CVE-2026-35544
An issue was discovered in Roundcube Webmail before 1.5.14 and 1.6.14. Insufficient Cascading Style Sheets CSS sanitization in HTML e-mail messages may lead to a fixed-position mitigation bypass via the use of !important...
PT-2026-29983
An issue was discovered in Roundcube Webmail before 1.5.14 and 1.6.14. Insufficient Cascading Style Sheets CSS sanitization in HTML e-mail messages may lead to a fixed-position mitigation bypass via the use of !important...
Nextcloud: position: fixed !important bypasses CSS sanitizer's fixed-position mitigation, enabling full-viewport phishing overlays.
A vulnerability was discovered in the CSS sanitization process of the Roundcube webmail application. The sanitizer failed to properly handle the "position: fixed !important" CSS declaration, allowing an attacker to bypass the mitigation for fixed-position overlays. This could enable the creation ...