Roundcube Webmail@1.1.1 Security Vulnerabilities and Issues — Roundcube Webmail@1.1.1 CVE List

Lucene search

RoundcubeRoundcube Webmail1.1.1

5 matches found

CVE•added 2017/05/23 4:29 a.m.•555 views

CVE-2015-5383

Roundcube Webmail 1.1.x before 1.1.2 allows remote attackers to obtain sensitive information by reading files in the (1) config, (2) temp, or (3) logs directory.

7.5CVSS7.1AI score0.01804EPSS

CVE•added 2017/04/13 2:59 p.m.•56 views

CVE-2015-8864

Cross-site scripting (XSS) vulnerability in Roundcube Webmail before 1.0.9 and 1.1.x before 1.1.5 allows remote attackers to inject arbitrary web script or HTML via a crafted SVG, a different vulnerability than CVE-2016-4068.

6.1CVSS5.9AI score0.00729EPSS

CVE•added 2017/04/13 2:59 p.m.•56 views

CVE-2016-4068

6.1CVSS5.9AI score0.00729EPSS

CVE•added 2017/05/23 4:29 a.m.•45 views

CVE-2015-5381

Cross-site scripting (XSS) vulnerability in program/include/rcmail.php in Roundcube Webmail 1.1.x before 1.1.2 allows remote attackers to inject arbitrary web script or HTML via the _mbox parameter to the default URI.

6.1CVSS6.1AI score0.02372EPSS

CVE•added 2017/05/23 4:29 a.m.•36 views

CVE-2015-5382

program/steps/addressbook/photo.inc in Roundcube Webmail before 1.0.6 and 1.1.x before 1.1.2 allows remote authenticated users to read arbitrary files via the _alt parameter when uploading a vCard.

6.5CVSS6.5AI score0.01037EPSS