Roundcube: Security Vulnerabilities
RoundCube Webmail (roundcubemail) before 0.2-beta allows remote attackers to cause a denial of service (memory consumption) via crafted size parameters that are used to create a large quota image.
CVSS Score
7.8
EPSS Score
0.006
Published
2008-12-17
Cross-site scripting (XSS) vulnerability in RoundCube webmail 0.1rc2, 2007-12-09, and earlier versions, when using Internet Explorer, allows remote attackers to inject arbitrary web script or HTML via style sheets containing expression commands.
CVSS Score
4.3
EPSS Score
0.052
Published
2007-12-12
roundcube webmail Alpha, with a default high verbose level ($rcmail_config['debug_level'] = 1), allows remote attackers to obtain the full path of the application via an invalid_task parameter, which leaks the path in an error message.
CVSS Score
5.0
EPSS Score
0.003
Published
2005-12-20
Page 9