Roundcube Webmail before 1.5.7 and 1.6.x before 1.6.7 allows XSS via list
columns from user preferences.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
ubuntu | 18.04 | noarch | roundcube | < 1.3.6+dfsg.1-1ubuntu0.1~esm4 | UNKNOWN |
ubuntu | 20.04 | noarch | roundcube | < 1.4.3+dfsg.1-1ubuntu0.1~esm4 | UNKNOWN |
ubuntu | 22.04 | noarch | roundcube | < 1.5.0+dfsg.1-2ubuntu0.1~esm3 | UNKNOWN |
ubuntu | 23.10 | noarch | roundcube | < 1.6.2+dfsg-1ubuntu0.2 | UNKNOWN |
ubuntu | 16.04 | noarch | roundcube | < 1.2~beta+dfsg.1-0ubuntu1+esm4 | UNKNOWN |
github.com/roundcube/roundcubemail/commit/9ca8aa6680c579132e0d1fa59447df8d524ec91c
github.com/roundcube/roundcubemail/commit/cde4522c5c95f13c6aeeb1600ab17e5067a536f7
github.com/roundcube/roundcubemail/releases/tag/1.5.7
github.com/roundcube/roundcubemail/releases/tag/1.6.7
launchpad.net/bugs/cve/CVE-2024-37384
nvd.nist.gov/vuln/detail/CVE-2024-37384
security-tracker.debian.org/tracker/CVE-2024-37384
ubuntu.com/security/notices/USN-6848-1
www.cve.org/CVERecord?id=CVE-2024-37384