Webmail Security Vulnerabilities and Issues — Webmail CVE List

Lucene search

RoundcubeWebmail

3 matches found

CVE•added 2023/10/18 3:15 p.m.•446 views

CVE-2023-5631

Roundcube before 1.4.15, 1.5.x before 1.5.5, and 1.6.x before 1.6.4 allows stored XSS via an HTML e-mail message with a crafted SVG document because of program/lib/Roundcube/rcube_washtml.php behavior. This could allow a remote attacker to load arbitrary JavaScript code.

6.1CVSS5.7AI score0.9074EPSS

CVE•added 2023/09/22 6:15 a.m.•211 views

CVE-2023-43770

Roundcube before 1.4.14, 1.5.x before 1.5.4, and 1.6.x before 1.6.3 allows XSS via text/plain e-mail messages with crafted links because of program/lib/Roundcube/rcube_string_replacer.php behavior.

6.1CVSS5.8AI score0.7848EPSS

CVE•added 2023/11/06 12:15 a.m.•81 views

CVE-2023-47272

Roundcube 1.5.x before 1.5.6 and 1.6.x before 1.6.5 allows XSS via a Content-Type or Content-Disposition header (used for attachment preview or download).

6.1CVSS5.7AI score0.00425EPSS