Webmail Security Vulnerabilities and Issues — Webmail CVE List

Lucene search

RoundcubeWebmail

4 matches found

CVE•added 2020/05/04 3:15 p.m.•575 views

CVE-2020-12641

rcube_image.php in Roundcube Webmail before 1.4.4 allows attackers to execute arbitrary code via shell metacharacters in a configuration setting for im_convert_path or im_identify_path.

9.8CVSS9.5AI score0.93068EPSS

CVE•added 2020/05/04 2:15 a.m.•186 views

CVE-2020-12625

An issue was discovered in Roundcube Webmail before 1.4.4. There is a cross-site scripting (XSS) vulnerability in rcube_washtml.php because JavaScript code can occur in the CDATA of an HTML message.

6.1CVSS5.8AI score0.04158EPSS

CVE•added 2020/05/04 3:15 p.m.•180 views

CVE-2020-12640

Roundcube Webmail before 1.4.4 allows attackers to include local files and execute code via directory traversal in a plugin name to rcube_plugin_api.php.

9.8CVSS9.1AI score0.22659EPSS

CVE•added 2020/05/04 2:15 a.m.•102 views

CVE-2020-12626

An issue was discovered in Roundcube Webmail before 1.4.4. A CSRF attack can cause an authenticated user to be logged out because POST was not considered.

6.5CVSS6.3AI score0.0174EPSS