2 matches found
CVE-2026-35543
An issue was discovered in Roundcube Webmail before 1.5.14 and 1.6.14. The remote image blocking feature can be bypassed via SVG content with animate attributes in an e-mail message. This may lead to information disclosure or access-control bypass...
Cross-site Scripting (XSS)
Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS via the attributevalue function due to improper sanitization of SVG animate attributes. Details Cross-site scripting or XSS is a code vulnerability that occurs when an attacker “injects” a malicious script into ...