Roundcube: >> Webmail >> 1.4.8 Security Vulnerabilities
Roundcube before 1.3.17 and 1.4.x before 1.4.12 is prone to XSS in handling an attachment's filename extension when displaying a MIME type warning message.
CVSS Score
6.1
EPSS Score
0.006
Published
2021-11-19
Roundcube before 1.4.11 allows XSS via crafted Cascading Style Sheets (CSS) token sequences during HTML email rendering.
CVSS Score
5.4
EPSS Score
0.003
Published
2021-02-09
CVE-2020-35730
An XSS issue was discovered in Roundcube Webmail before 1.2.13, 1.3.x before 1.3.16, and 1.4.x before 1.4.10. The attacker can send a plain text e-mail message, with JavaScript in a link reference element that is mishandled by linkref_addindex in rcube_string_replacer.php.
Known exploited
CVSS Score
6.1
EPSS Score
0.679
Published
2020-12-28
Page 2