GHSA-VXG2-HHGR-37FX Roundcube Webmail: Insufficient CSS sanitization in HTML e-mail messages

An issue was discovered in Roundcube Webmail 1.6.0 before 1.6.14. Insufficient Cascading Style Sheets CSS sanitization in HTML e-mail messages may lead to SSRF or Information Disclosure, e.g., if stylesheet links point to local network hosts...

EUVD-2020-8111

Malware in sbrugna...

EUVD-2005-2026

Malware in sbrugna...

Fedora 38 : roundcubemail (2023-955e390a13)

The remote Fedora 38 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2023-955e390a13 advisory. Version 1.6.4 - Fix PHP8 warnings 9142, 9160 - Fix default 'mime.types' path on Windows 9113 - Managesieve: Fix javascript error when relational or spamtest...

openSUSE 15 Security Update : roundcubemail (openSUSE-SU-2022:10148-1)

The remote SUSE Linux SUSE15 host has a package installed that is affected by multiple vulnerabilities as referenced in the openSUSE-SU-2022:10148-1 advisory. - In Roundcube Webmail before 1.3.10, an attacker in possession of S/MIME or PGP encrypted emails can wrap them as sub-parts within a...

USN-5663-1: Thunderbird vulnerabilities

Multiple security issues were discovered in Thunderbird. If a user were tricked into opening a specially crafted website in a browsing context, an attacker could potentially exploit these to cause a denial of service, spoof the mouse pointer position, obtain sensitive information, spoof the...

Debian: Security Advisory (DLA-2878-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Roundcube -- XSS vulnerability

The Roundcube project reports: Cross-site scripting XSS via HTML messages with malicious CSS content...

OPENSUSE-SU-2021:0959-1 Security update for roundcubemail

This update for roundcubemail fixes the following issues: Upgrade to version 1.3.16 This is a security update to the LTS version 1.3. It fixes a recently reported stored cross-site scripting XSS vulnerability via HTML or plain text messages with malicious content. References: - CVE-2020-18670:...

OPENSUSE-SU-2021:0931-1 Security update for roundcubemail

This update for roundcubemail fixes the following issues: Upgrade to version 1.3.16 This is a security update to the LTS version 1.3. It fixes a recently reported stored cross-site scripting XSS vulnerability via HTML or plain text messages with malicious content. References: - CVE-2020-18670:...

MGASA-2021-0130 Updated roundcubemail package fixes security vulnerability

This update fixes cross-site scripting XSS via HTML messages with malicious CSS content CVE-2021-26925...

Updated roundcubemail package fixes security vulnerability

This update fixes cross-site scripting XSS via HTML messages with malicious CSS content CVE-2021-26925...

Cross-Site Scripting (XSS)

roundcube is vulnerable to cross-site scripting XSS. An attacker is able to inject and execute arbitrary Javascript in a user's browser via HTML messages during message display...

openSUSE Security Update : roundcubemail (openSUSE-2020-1516)

This update for roundcubemail fixes the following issues : roundcubemail was upgraded to 1.3.15 This is a security update to the LTS version 1.3. boo1175135 - Security: Fix cross-site scripting XSS via HTML messages with malicious svg content CVE-2020-16145 - Security: Fix cross-site scripting XS...

Updated roundcubemail packages fix security vulnerabilities

Fix potential XSS issue in HTML editor of the identity signature input Fix cross-site scripting XSS via HTML messages with malicious svg content CVE-2020-16145 Fix cross-site scripting XSS via HTML messages with malicious math content...

DEBIAN-CVE-2020-16145

Roundcube Webmail before 1.3.15 and 1.4.8 allows stored XSS in HTML messages during message display via a crafted SVG document. This issue has been fixed in 1.4.8 and 1.3.15...

CVE-2020-16145

Roundcube Webmail before 1.3.15 and 1.4.8 allows stored XSS in HTML messages during message display via a crafted SVG document. This issue has been fixed in 1.4.8 and 1.3.15...

UBUNTU-CVE-2020-16145

Roundcube Webmail before 1.3.15 and 1.4.8 allows stored XSS in HTML messages during message display via a crafted SVG document. This issue has been fixed in 1.4.8 and 1.3.15...

Cross site scripting

Roundcube Webmail before 1.3.15 and 1.4.8 allows stored XSS in HTML messages during message display via a crafted SVG document. This issue has been fixed in 1.4.8 and 1.3.15...

CVE-2020-16145

CVE-2020-16145 affects Roundcube Webmail prior to 1.3.15 and 1.4.8, where a crafted SVG in HTML messages can trigger stored XSS during display. Advisories confirm fixes in 1.3.15 and 1.4.8; remediation is to upgrade to these versions or newer. Occurrence details are supported by OpenSUSE/Tenable/...