Webmail@1.3.0 Security Vulnerabilities and Issues — Webmail@1.3.0 CVE List

Lucene search

RoundcubeWebmail1.3.0

4 matches found

CVE•added 2020/12/28 8:15 p.m.•637 views

CVE-2020-35730

An XSS issue was discovered in Roundcube Webmail before 1.2.13, 1.3.x before 1.3.16, and 1.4.x before 1.4.10. The attacker can send a plain text e-mail message, with JavaScript in a link reference element that is mishandled by linkref_addindex in rcube_string_replacer.php.

6.1CVSS6.1AI score0.50234EPSS

In wild

CVE•added 2020/05/04 3:15 p.m.•594 views

CVE-2020-12641

rcube_image.php in Roundcube Webmail before 1.4.4 allows attackers to execute arbitrary code via shell metacharacters in a configuration setting for im_convert_path or im_identify_path.

9.8CVSS9.5AI score0.93068EPSS

In wild

CVE•added 2020/05/04 3:15 p.m.•184 views

CVE-2020-12640

Roundcube Webmail before 1.4.4 allows attackers to include local files and execute code via directory traversal in a plugin name to rcube_plugin_api.php.

9.8CVSS9.1AI score0.20084EPSS

CVE•added 2020/07/06 12:15 p.m.•170 views

CVE-2020-15562

An issue was discovered in Roundcube Webmail before 1.2.11, 1.3.x before 1.3.14, and 1.4.x before 1.4.7. It allows XSS via a crafted HTML e-mail message, as demonstrated by a JavaScript payload in the xmlns (aka XML namespace) attribute of a HEAD element when an SVG element exists.

6.1CVSS5.7AI score0.00861EPSS