5 matches found
BIT-ROUNDCUBE-2020-35730
An XSS issue was discovered in Roundcube Webmail before 1.2.13, 1.3.x before 1.3.16, and 1.4.x before 1.4.10. The attacker can send a plain text e-mail message, with JavaScript in a link reference element that is mishandled by linkrefaddindex in rcubestringreplacer.php...
The vulnerability of the linkref_addindex function in the rcube_string_replacer.php component of the Roundcube webmail client allows a attacker to compromise the integrity of data, due to deficiencies in the security measures used to protect web page structures.
The vulnerability of the linkrefaddindex function in the Roundcube email client’s rcubestringreplacer.php component is related to the lack of content validation for links. Exploiting this vulnerability could allow an attacker to compromise data integrity remotely...
CVE-2020-35730
An XSS issue was discovered in Roundcube Webmail before 1.2.13, 1.3.x before 1.3.16, and 1.4.x before 1.4.10. The attacker can send a plain text e-mail message, with JavaScript in a link reference element that is mishandled by linkrefaddindex in rcubestringreplacer.php...
CVE-2020-35730
An XSS issue was discovered in Roundcube Webmail before 1.2.13, 1.3.x before 1.3.16, and 1.4.x before 1.4.10. The attacker can send a plain text e-mail message, with JavaScript in a link reference element that is mishandled by linkrefaddindex in rcubestringreplacer.php...
CVE-2020-35730
An XSS issue was discovered in Roundcube Webmail before 1.2.13, 1.3.x before 1.3.16, and 1.4.x before 1.4.10. The attacker can send a plain text e-mail message, with JavaScript in a link reference element that is mishandled by linkrefaddindex in rcubestringreplacer.php. Recent assessments: Assess...