Lucene search
K

9 matches found

NVD
NVD
added 2026/05/25 8:16 p.m.15 views

CVE-2026-48843

Roundcube Webmail 1.6.x between 1.6.14 and 1.6.16,and 1.7.x before 1.7.1 has Insufficient Cascading Style Sheets CSS sanitization in HTML e-mail messages may lead to SSRF or Information Disclosure, e.g., if stylesheet links point to local network hosts. The issue stems from an insufficient fix fo...

7.2CVSS0.00301EPSS
Exploits0References5
Debian CVE
Debian CVE
added 2026/05/25 7:11 p.m.8 views

CVE-2026-48843

Roundcube Webmail 1.6.x between 1.6.14 and 1.6.16,and 1.7.x before 1.7.1 has Insufficient Cascading Style Sheets CSS sanitization in HTML e-mail messages may lead to SSRF or Information Disclosure, e.g., if stylesheet links point to local network hosts. The issue stems from an insufficient fix fo...

7.2CVSS5.8AI score0.00301EPSS
Exploits0
Cvelist
Cvelist
added 2026/05/25 7:11 p.m.21 views

CVE-2026-48843

Roundcube Webmail 1.6.x between 1.6.14 and 1.6.16,and 1.7.x before 1.7.1 has Insufficient Cascading Style Sheets CSS sanitization in HTML e-mail messages may lead to SSRF or Information Disclosure, e.g., if stylesheet links point to local network hosts. The issue stems from an insufficient fix fo...

7.2CVSS0.00301EPSS
Exploits0References5
OSV
OSV
added 2026/04/03 6:31 a.m.2 views

GHSA-VXG2-HHGR-37FX Roundcube Webmail: Insufficient CSS sanitization in HTML e-mail messages

An issue was discovered in Roundcube Webmail 1.6.0 before 1.6.14. Insufficient Cascading Style Sheets CSS sanitization in HTML e-mail messages may lead to SSRF or Information Disclosure, e.g., if stylesheet links point to local network hosts...

5.4CVSS5.9AI score0.0031EPSS
Exploits0References7
NVD
NVD
added 2026/04/03 5:16 a.m.6 views

CVE-2026-35540

An issue was discovered in Roundcube Webmail 1.6.0 before 1.6.14. Insufficient Cascading Style Sheets CSS sanitization in HTML e-mail messages may lead to SSRF or Information Disclosure, e.g., if stylesheet links point to local network hosts...

6.5CVSS0.0031EPSS
Exploits0References5
Debian CVE
Debian CVE
added 2026/04/03 3:47 a.m.5 views

CVE-2026-35540

An issue was discovered in Roundcube Webmail 1.6.0 before 1.6.14. Insufficient Cascading Style Sheets CSS sanitization in HTML e-mail messages may lead to SSRF or Information Disclosure, e.g., if stylesheet links point to local network hosts...

6.5CVSS5.2AI score0.0031EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2026/03/18 12:0 a.m.4 views

PT-2026-29979

Name of the Vulnerable Software and Affected Versions Roundcube Webmail versions 1.6.0 through 1.6.13 Description An issue exists in Roundcube Webmail where insufficient Cascading Style Sheets CSS sanitization in HTML email messages could lead to Server-Side Request Forgery SSRF or Information...

6.5CVSS5.8AI score0.0031EPSS
Exploits0References20
BDU FSTEC
BDU FSTEC
added 2024/07/29 12:0 a.m.5 views

The vulnerability of the GLPI system’s request and incident handling process, related to incorrect input cancellation during the generation of web pages, allows attackers to carry out attacks using cross-site scripting.

The vulnerability of the GLPI request and incident handling system is related to the use of ticket actions or the configuration of messages that include links to style sheets. Exploiting this vulnerability allows a malicious actor to carry out an attack using cross-site scripting...

5.5CVSS6.3AI score0.00736EPSS
Exploits0References6Affected Software2
Positive Technologies
Positive Technologies
added 2016/08/25 12:0 a.m.5 views

PT-2022-7408 · Glpi +2 · Glpi +2

Name of the Vulnerable Software and Affected Versions: GLPI versions prior to 10.0.0 Description: The issue is related to the use of ticket followups or setup login messages with a stylesheet link in GLPI, which may allow for a cross-site scripting attack vector. This is partially mitigated by th...

10CVSS6.1AI score0.99628EPSS
Exploits32References130
Rows per page
Query Builder