Webmail@* Security Vulnerabilities and Issues — Webmail@* CVE List

Lucene search

RoundcubeWebmail*

5 matches found

CVE•added 2024/08/05 7:15 p.m.•157 views

CVE-2024-42009

A Cross-Site Scripting vulnerability in Roundcube through 1.5.7 and 1.6.x through 1.6.7 allows a remote attacker to steal and send emails of a victim via a crafted e-mail message that abuses a Desanitization issue in message_body() in program/actions/mail/show.php.

9.3CVSS6AI score0.86797EPSS

CVE•added 2024/06/07 4:15 a.m.•134 views

CVE-2024-37383

Roundcube Webmail before 1.5.7 and 1.6.x before 1.6.7 allows XSS via SVG animate attributes.

6.1CVSS6.1AI score0.61419EPSS

CVE•added 2024/06/07 4:15 a.m.•121 views

CVE-2024-37385

Roundcube Webmail before 1.5.7 and 1.6.x before 1.6.7 on Windows allows command injection via im_convert_path and im_identify_path. NOTE: this issue exists because of an incomplete fix for CVE-2020-12641.

9.8CVSS9.8AI score0.93068EPSS

CVE•added 2024/08/05 7:15 p.m.•120 views

CVE-2024-42008

A Cross-Site Scripting vulnerability in rcmail_action_mail_get->run() in Roundcube through 1.5.7 and 1.6.x through 1.6.7 allows a remote attacker to steal and send emails of a victim via a malicious e-mail attachment served with a dangerous Content-Type header.

9.3CVSS6.1AI score0.04154EPSS

CVE•added 2024/06/07 4:15 a.m.•61 views

CVE-2024-37384

Roundcube Webmail before 1.5.7 and 1.6.x before 1.6.7 allows XSS via list columns from user preferences.

6.1CVSS6.1AI score0.00183EPSS