Roundcube: >> Webmail >> 1.4.4 Security Vulnerabilities
An issue was discovered in Roundcube Webmail before 1.3.12 and 1.4.x before 1.4.5. include/rcmail_output_html.php allows XSS via the username template object.
CVSS Score
6.1
EPSS Score
0.01
Published
2020-06-09
CVE-2020-13965
An issue was discovered in Roundcube Webmail before 1.3.12 and 1.4.x before 1.4.5. There is XSS via a malicious XML attachment because text/xml is among the allowed types for a preview.
Known exploited
CVSS Score
6.1
EPSS Score
0.766
Published
2020-06-09
Page 3