The vulnerability of the program/lib/Roundcube/rcube_string_replacer.php component of the RoundCube Webmail client allows a attacker to perform cross-site scripting attacks.

The vulnerability of the program/lib/Roundcube/rcubestringreplacer.php component of the RoundCube Webmail client exists due to the lack of measures taken to protect the structure of the web page. Exploiting this vulnerability allows a malicious actor to perform XSS attacks remotely...

VulnCheck KEV: CVE-2020-35730

Roundcube Webmail contains a cross-site scripting XSS vulnerability that allows an attacker to send a plain text e-mail message with Javascript in a link reference element that is mishandled by linkrefaddinindex in rcubestringreplacer.php...

SUSE CVE-2020-35730

An XSS issue was discovered in Roundcube Webmail before 1.2.13, 1.3.x before 1.3.16, and 1.4.x before 1.4.10. The attacker can send a plain text e-mail message, with JavaScript in a link reference element that is mishandled by linkrefaddindex in rcubestringreplacer.php...

UBUNTU-CVE-2020-35730

An XSS issue was discovered in Roundcube Webmail before 1.2.13, 1.3.x before 1.3.16, and 1.4.x before 1.4.10. The attacker can send a plain text e-mail message, with JavaScript in a link reference element that is mishandled by linkrefaddindex in rcubestringreplacer.php...

Roundcube Webmail 跨站脚本漏洞

RoundCube Webmail is a browser-based, multi-language IMAP client with a desktop-like interface. A cross-site scripting vulnerability exists in linkrefaddindex in rcubestringreplacer.php in Roundcube Webmail, which can be exploited by an attacker via a specially crafted email...