Roundcube Webmail Security Vulnerabilities and Issues — Roundcube Webmail CVE List

Lucene search

RoundcubeRoundcube Webmail

6 matches found

CVE•added 2024/06/07 4:15 a.m.•61 views

CVE-2024-37384

Roundcube Webmail before 1.5.7 and 1.6.x before 1.6.7 allows XSS via list columns from user preferences.

6.1CVSS6.1AI score0.00183EPSS

CVE•added 2017/04/13 2:59 p.m.•56 views

CVE-2015-8864

Cross-site scripting (XSS) vulnerability in Roundcube Webmail before 1.0.9 and 1.1.x before 1.1.5 allows remote attackers to inject arbitrary web script or HTML via a crafted SVG, a different vulnerability than CVE-2016-4068.

6.1CVSS5.9AI score0.00729EPSS

CVE•added 2017/04/13 2:59 p.m.•56 views

CVE-2016-4068

6.1CVSS5.9AI score0.00729EPSS

CVE•added 2017/05/23 4:29 a.m.•45 views

CVE-2015-5381

Cross-site scripting (XSS) vulnerability in program/include/rcmail.php in Roundcube Webmail 1.1.x before 1.1.2 allows remote attackers to inject arbitrary web script or HTML via the _mbox parameter to the default URI.

6.1CVSS6.1AI score0.02372EPSS

CVE•added 2016/01/29 7:59 p.m.•44 views

CVE-2015-8794

Absolute path traversal vulnerability in program/steps/addressbook/photo.inc in Roundcube before 1.0.6 and 1.1.x before 1.1.2 allows remote authenticated users to read arbitrary files via a full pathname in the _alt parameter, related to contact photo handling.

6.5CVSS6.1AI score0.00288EPSS

CVE•added 2017/05/23 4:29 a.m.•36 views

CVE-2015-5382

program/steps/addressbook/photo.inc in Roundcube Webmail before 1.0.6 and 1.1.x before 1.1.2 allows remote authenticated users to read arbitrary files via the _alt parameter when uploading a vCard.

6.5CVSS6.5AI score0.01037EPSS