Shodan
Vulnerabilities
Vulnerable Software
Roundcube:  >> Webmail  >> 0.8.0  Security Vulnerabilities
CVE-2014-9587
Multiple cross-site request forgery (CSRF) vulnerabilities in Roundcube Webmail before 1.0.4 allow remote attackers to hijack the authentication of unspecified victims via unknown vectors, related to (1) address book operations or the (2) ACL or (3) Managesieve plugins.
CVSS Score
6.8
EPSS Score
0.021
Published
2015-01-15
CVE-2013-1904
Absolute path traversal vulnerability in steps/mail/sendmail.inc in Roundcube Webmail before 0.7.3 and 0.8.x before 0.8.6 allows remote attackers to read arbitrary files via a full pathname in the _value parameter for the generic_message_footer setting in a save-perf action to index.php, as exploited in the wild in March 2013.
CVSS Score
5.0
EPSS Score
0.023
Published
2014-02-08
CVE-2013-6172
steps/utils/save_pref.inc in Roundcube webmail before 0.8.7 and 0.9.x before 0.9.5 allows remote attackers to modify configuration settings via the _session parameter, which can be leveraged to read arbitrary files, conduct SQL injection attacks, and execute arbitrary code.
CVSS Score
7.5
EPSS Score
0.029
Published
2013-11-05
CVE-2013-5645
Multiple cross-site scripting (XSS) vulnerabilities in Roundcube webmail before 0.9.3 allow user-assisted remote attackers to inject arbitrary web script or HTML via the body of a message visited in (1) new or (2) draft mode, related to compose.inc; and (3) might allow remote authenticated users to inject arbitrary web script or HTML via an HTML signature, related to save_identity.inc.
CVSS Score
4.3
EPSS Score
0.019
Published
2013-08-29
CVE-2012-6121
Cross-site scripting (XSS) vulnerability in Roundcube Webmail before 0.8.5 allows remote attackers to inject arbitrary web script or HTML via a (1) data:text or (2) vbscript link.
CVSS Score
4.3
EPSS Score
0.02
Published
2013-02-24
CVE-2012-4668
Cross-site scripting (XSS) vulnerability in Roundcube Webmail 0.8.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the signature in an email.
CVSS Score
4.3
EPSS Score
0.037
Published
2012-08-25
CVE-2012-3508
Cross-site scripting (XSS) vulnerability in program/lib/washtml.php in Roundcube Webmail 0.8.0 allows remote attackers to inject arbitrary web script or HTML by using "javascript:" in an href attribute in the body of an HTML-formatted email.
CVSS Score
4.3
EPSS Score
0.042
Published
2012-08-25


Products
Pricing
Contact Us

Shodan ® - All rights reserved