Webmail@1.2.0 Security Vulnerabilities and Issues — Webmail@1.2.0 CVE List

Lucene search

RoundcubeWebmail1.2.0

3 matches found

CVE•added 2017/11/09 2:29 p.m.•1062 views

CVE-2017-16651

Roundcube Webmail before 1.1.10, 1.2.x before 1.2.7, and 1.3.x before 1.3.3 allows unauthorized access to arbitrary files on the host's filesystem, including configuration files, as exploited in the wild in November 2017. The attacker must be able to authenticate at the target system with a valid u...

7.8CVSS7.2AI score0.30531EPSS

CVE•added 2016/12/08 6:59 p.m.•64 views

CVE-2016-9920

steps/mail/sendmail.inc in Roundcube before 1.1.7 and 1.2.x before 1.2.3, when no SMTP server is configured and the sendmail program is enabled, does not properly restrict the use of custom envelope-from addresses on the sendmail command line, which allows remote authenticated users to execute arbi...

7.5CVSS7.5AI score0.44834EPSS

CVE•added 2017/03/12 5:59 a.m.•45 views

CVE-2017-6820

rcube_utils.php in Roundcube before 1.1.8 and 1.2.x before 1.2.4 is susceptible to a cross-site scripting vulnerability via a crafted Cascading Style Sheets (CSS) token sequence within an SVG element.

6.1CVSS5.7AI score0.00556EPSS