Ubuntu.comUB:CVE-2024-37383CVE-2024-37383
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
AI Score
Confidence
High
EPSS
Percentile
15.5%
Roundcube Webmail before 1.5.7 and 1.6.x before 1.6.7 allows XSS via SVG
animate attributes.
Bugs
References
github.com/roundcube/roundcubemail/commit/43aaaa528646877789ec028d87924ba1accf5242
github.com/roundcube/roundcubemail/commit/ba252dc5e2946506cb8d0b50b2b7bf95ab51876f
github.com/roundcube/roundcubemail/releases/tag/1.5.7
github.com/roundcube/roundcubemail/releases/tag/1.6.7
launchpad.net/bugs/cve/CVE-2024-37383
nvd.nist.gov/vuln/detail/CVE-2024-37383
security-tracker.debian.org/tracker/CVE-2024-37383
ubuntu.com/security/notices/USN-6848-1
www.cve.org/CVERecord?id=CVE-2024-37383
Related
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
AI Score
Confidence
High
EPSS
Percentile
15.5%