CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2024-57004

Cross-Site Scripting (XSS) vulnerability in Roundcube Webmail 1.6.9 allows remote authenticated users to upload a malicious file as an email attachment, leading to the triggering of the XSS by visiting the SENT session.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.002

EPSS Ranking 36.2%

CVSS Severity

CVSS v3 Score 6.1

References

https://github.com/riya98241/CVE/blob/main/CVE-2024-57004
https://github.com/roundcube/roundcubemail/releases/tag/1.6.9

Products affected by CVE-2024-57004

Roundcube » Webmail » Version: 1.6.9

cpe:2.3:a:roundcube:webmail:1.6.9

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2024-57004

Products

Pricing

Contact Us