Shodan
Vulnerabilities
Vulnerable Software
Roundcube:  Security Vulnerabilities
CVE-2023-5631
Known exploited
Roundcube before 1.4.15, 1.5.x before 1.5.5, and 1.6.x before 1.6.4 allows stored XSS via an HTML e-mail message with a crafted SVG document because of program/lib/Roundcube/rcube_washtml.php behavior. This could allow a remote attacker to load arbitrary JavaScript code.
CVSS Score
6.1
EPSS Score
0.845
Published
2023-10-18
CVE-2023-43770
Known exploited
Roundcube before 1.4.14, 1.5.x before 1.5.4, and 1.6.x before 1.6.3 allows XSS via text/plain e-mail messages with crafted links because of program/lib/Roundcube/rcube_string_replacer.php behavior.
CVSS Score
6.1
EPSS Score
0.731
Published
2023-09-22
CVE-2021-46144
Roundcube before 1.4.13 and 1.5.x before 1.5.2 allows XSS via an HTML e-mail message with crafted Cascading Style Sheets (CSS) token sequences.
CVSS Score
6.1
EPSS Score
0.013
Published
2022-01-06
CVE-2021-44026
Known exploited
Roundcube before 1.3.17 and 1.4.x before 1.4.12 is prone to a potential SQL injection via search or search_params.
CVSS Score
9.8
EPSS Score
0.64
Published
2021-11-19
CVE-2021-44025
Roundcube before 1.3.17 and 1.4.x before 1.4.12 is prone to XSS in handling an attachment's filename extension when displaying a MIME type warning message.
CVSS Score
6.1
EPSS Score
0.006
Published
2021-11-19
CVE-2020-18670
Cross Site Scripting (XSS) vulneraibility in Roundcube mail .4.4 via database host and user in /installer/test.php.
CVSS Score
5.4
EPSS Score
0.004
Published
2021-06-24
CVE-2020-18671
Cross Site Scripting (XSS) vulnerability in Roundcube Mail <=1.4.4 via smtp config in /installer/test.php.
CVSS Score
5.4
EPSS Score
0.004
Published
2021-06-24
CVE-2021-26925
Roundcube before 1.4.11 allows XSS via crafted Cascading Style Sheets (CSS) token sequences during HTML email rendering.
CVSS Score
5.4
EPSS Score
0.003
Published
2021-02-09
CVE-2020-35730
Known exploited
An XSS issue was discovered in Roundcube Webmail before 1.2.13, 1.3.x before 1.3.16, and 1.4.x before 1.4.10. The attacker can send a plain text e-mail message, with JavaScript in a link reference element that is mishandled by linkref_addindex in rcube_string_replacer.php.
CVSS Score
6.1
EPSS Score
0.695
Published
2020-12-28
CVE-2020-16145
Roundcube Webmail before 1.3.15 and 1.4.8 allows stored XSS in HTML messages during message display via a crafted SVG document. This issue has been fixed in 1.4.8 and 1.3.15.
CVSS Score
6.1
EPSS Score
0.007
Published
2020-08-12


Products
Pricing
Contact Us

Shodan ® - All rights reserved