Webmail Security Vulnerabilities and Issues — Webmail CVE List

Lucene search

RoundcubeWebmail

4 matches found

CVE•added 2012/08/25 10:29 a.m.•50 views

CVE-2012-3507

Cross-site scripting (XSS) vulnerability in program/steps/mail/func.inc in RoundCube Webmail before 0.8.0, when using the Larry skin, allows remote attackers to inject arbitrary web script or HTML via the email message subject.

2.6CVSS5.5AI score0.00407EPSS

CVE•added 2012/08/25 10:29 a.m.•49 views

CVE-2012-3508

Cross-site scripting (XSS) vulnerability in program/lib/washtml.php in Roundcube Webmail 0.8.0 allows remote attackers to inject arbitrary web script or HTML by using "javascript:" in an href attribute in the body of an HTML-formatted email.

4.3CVSS5.5AI score0.09998EPSS

CVE•added 2012/08/25 10:29 a.m.•39 views

CVE-2012-4668

Cross-site scripting (XSS) vulnerability in Roundcube Webmail 0.8.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the signature in an email.

4.3CVSS5.8AI score0.05064EPSS

CVE•added 2012/06/04 3:55 p.m.•34 views

CVE-2012-1253

Cross-site scripting (XSS) vulnerability in Roundcube Webmail before 0.7, when Internet Explorer is used, allows remote attackers to inject arbitrary web script or HTML via vectors involving an embedded image attachment.

2.6CVSS5.5AI score0.00254EPSS