Webmail Security Vulnerabilities and Issues — Webmail CVE List

Lucene search

RoundcubeWebmail

9 matches found

CVE•added 2019/04/07 3:29 p.m.•146 views

CVE-2019-10740

In Roundcube Webmail before 1.3.10, an attacker in possession of S/MIME or PGP encrypted emails can wrap them as sub-parts within a crafted multipart email. The encrypted part(s) can further be hidden using HTML/CSS or ASCII newline characters. This modified multipart email can be re-sent by the at...

4.3CVSS5.3AI score0.00079EPSS

CVE•added 2015/02/03 4:59 p.m.•60 views

CVE-2015-1433

program/lib/Roundcube/rcube_washtml.php in Roundcube before 1.0.5 does not properly quote strings, which allows remote attackers to conduct cross-site scripting (XSS) attacks via the style attribute in an email.

4.3CVSS7.8AI score0.00557EPSS

CVE•added 2012/08/25 10:29 a.m.•49 views

CVE-2012-3508

Cross-site scripting (XSS) vulnerability in program/lib/washtml.php in Roundcube Webmail 0.8.0 allows remote attackers to inject arbitrary web script or HTML by using "javascript:" in an href attribute in the body of an HTML-formatted email.

4.3CVSS5.5AI score0.09998EPSS

CVE•added 2009/02/03 11:30 p.m.•47 views

CVE-2009-0413

Cross-site scripting (XSS) vulnerability in RoundCube Webmail (roundcubemail) 0.2 stable allows remote attackers to inject arbitrary web script or HTML via the background attribute embedded in an HTML e-mail message.

4.3CVSS5.5AI score0.00407EPSS

CVE•added 2013/02/24 9:55 p.m.•44 views

CVE-2012-6121

Cross-site scripting (XSS) vulnerability in Roundcube Webmail before 0.8.5 allows remote attackers to inject arbitrary web script or HTML via a (1) data:text or (2) vbscript link.

4.3CVSS5.4AI score0.00407EPSS

CVE•added 2011/09/21 4:55 p.m.•43 views

CVE-2011-2937

Cross-site scripting (XSS) vulnerability in the UI messages functionality in Roundcube Webmail before 0.5.4 allows remote attackers to inject arbitrary web script or HTML via the _mbox parameter to the default URI.

4.3CVSS5.9AI score0.00665EPSS

CVE•added 2012/08/25 10:29 a.m.•39 views

CVE-2012-4668

Cross-site scripting (XSS) vulnerability in Roundcube Webmail 0.8.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the signature in an email.

4.3CVSS5.8AI score0.05064EPSS

CVE•added 2007/12/12 1:46 a.m.•38 views

CVE-2007-6321

Cross-site scripting (XSS) vulnerability in RoundCube webmail 0.1rc2, 2007-12-09, and earlier versions, when using Internet Explorer, allows remote attackers to inject arbitrary web script or HTML via style sheets containing expression commands.

4.3CVSS5.4AI score0.07557EPSS

CVE•added 2013/08/29 12:7 p.m.•37 views

CVE-2013-5645

Multiple cross-site scripting (XSS) vulnerabilities in Roundcube webmail before 0.9.3 allow user-assisted remote attackers to inject arbitrary web script or HTML via the body of a message visited in (1) new or (2) draft mode, related to compose.inc; and (3) might allow remote authenticated users to...

4.3CVSS5.2AI score0.00305EPSS