Vulnerability Details CVE-2019-13389
RainLoop Webmail before 1.13.0 lacks XSS protection mechanisms such as xlink:href validation, the X-XSS-Protection header, and the Content-Security-Policy header.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.003
EPSS Ranking 49.2%
CVSS Severity
CVSS v3 Score 6.1
CVSS v2 Score 4.3
References
- https://github.com/RainLoop/rainloop-webmail/commit/8eb4588917b4741889fdd905d4c32e3e86317693
- https://lists.debian.org/debian-lts-announce/2023/05/msg00027.html
- https://github.com/RainLoop/rainloop-webmail/commit/8eb4588917b4741889fdd905d4c32e3e86317693
- https://lists.debian.org/debian-lts-announce/2023/05/msg00027.html
Products affected by CVE-2019-13389
-
cpe:2.3:a:rainloop:webmail:1.10.1.117
-
cpe:2.3:a:rainloop:webmail:1.10.1.121
-
cpe:2.3:a:rainloop:webmail:1.10.1.123
-
cpe:2.3:a:rainloop:webmail:1.10.1.127
-
cpe:2.3:a:rainloop:webmail:1.10.2.131
-
cpe:2.3:a:rainloop:webmail:1.10.2.133
-
cpe:2.3:a:rainloop:webmail:1.10.2.136
-
cpe:2.3:a:rainloop:webmail:1.10.2.137
-
cpe:2.3:a:rainloop:webmail:1.10.2.140
-
cpe:2.3:a:rainloop:webmail:1.10.2.141
-
cpe:2.3:a:rainloop:webmail:1.10.2.145
-
cpe:2.3:a:rainloop:webmail:1.10.3.150
-
cpe:2.3:a:rainloop:webmail:1.10.3.151
-
cpe:2.3:a:rainloop:webmail:1.10.4.160
-
cpe:2.3:a:rainloop:webmail:1.10.4.176
-
cpe:2.3:a:rainloop:webmail:1.10.4.177
-
cpe:2.3:a:rainloop:webmail:1.10.4.179
-
cpe:2.3:a:rainloop:webmail:1.10.4.180
-
cpe:2.3:a:rainloop:webmail:1.10.4.181
-
cpe:2.3:a:rainloop:webmail:1.10.4.183
-
cpe:2.3:a:rainloop:webmail:1.10.5.192
-
cpe:2.3:a:rainloop:webmail:1.11.0.201
-
cpe:2.3:a:rainloop:webmail:1.11.0.203