Roundcube: >> Webmail >> 1.3.16 Security Vulnerabilities
An issue was discovered in Roundcube Webmail before 1.4.4. There is a cross-site scripting (XSS) vulnerability in rcube_washtml.php because JavaScript code can occur in the CDATA of an HTML message.
CVSS Score
6.1
EPSS Score
0.042
Published
2020-05-04
An issue was discovered in Roundcube Webmail before 1.4.4. A CSRF attack can cause an authenticated user to be logged out because POST was not considered.
CVSS Score
6.5
EPSS Score
0.017
Published
2020-05-04
Page 2