Roundcube: >> Webmail >> 1.3.17 Security Vulnerabilities
Cross Site Scripting (XSS) vulnerability in Roundcube Mail <=1.4.4 via smtp config in /installer/test.php.
CVSS Score
5.4
EPSS Score
0.004
Published
2021-06-24
Roundcube before 1.4.11 allows XSS via crafted Cascading Style Sheets (CSS) token sequences during HTML email rendering.
CVSS Score
5.4
EPSS Score
0.003
Published
2021-02-09
An issue was discovered in Roundcube Webmail before 1.4.4. There is a cross-site scripting (XSS) vulnerability in rcube_washtml.php because JavaScript code can occur in the CDATA of an HTML message.
CVSS Score
6.1
EPSS Score
0.023
Published
2020-05-04
An issue was discovered in Roundcube Webmail before 1.4.4. A CSRF attack can cause an authenticated user to be logged out because POST was not considered.
CVSS Score
6.5
EPSS Score
0.013
Published
2020-05-04
Page 2