Webmail Security Vulnerabilities and Issues — Webmail CVE List

Lucene search

RoundcubeWebmail

3 matches found

CVE•added 2011/04/08 3:17 p.m.•44 views

CVE-2011-1491

The login form in Roundcube Webmail before 0.5.1 does not properly handle a correctly authenticated but unintended login attempt, which makes it easier for remote authenticated users to obtain sensitive information by arranging for a victim to login to the attacker's account and then compose an e-m...

3.5CVSS5.6AI score0.0039EPSS

CVE•added 2015/11/10 5:59 p.m.•42 views

CVE-2015-8105

Cross-site scripting (XSS) vulnerability in program/js/app.js in Roundcube webmail before 1.0.7 and 1.1.x before 1.1.3 allows remote authenticated users to inject arbitrary web script or HTML via the file name in a drag-n-drop file upload.

3.5CVSS6.3AI score0.0018EPSS

CVE•added 2013/08/29 12:7 p.m.•31 views

CVE-2013-5646

Cross-site scripting (XSS) vulnerability in Roundcube webmail 1.0-git allows remote authenticated users to inject arbitrary web script or HTML via the Name field of an addressbook group.

3.5CVSS5.4AI score0.00159EPSS