Roundcube: >> Webmail >> 1.5.6 Security Vulnerabilities
A Cross-Site Scripting vulnerability in rcmail_action_mail_get->run() in Roundcube through 1.5.7 and 1.6.x through 1.6.7 allows a remote attacker to steal and send emails of a victim via a malicious e-mail attachment served with a dangerous Content-Type header.
CVSS Score
9.3
EPSS Score
0.042
Published
2024-08-05
CVE-2024-42009
A Cross-Site Scripting vulnerability in Roundcube through 1.5.7 and 1.6.x through 1.6.7 allows a remote attacker to steal and send emails of a victim via a crafted e-mail message that abuses a Desanitization issue in message_body() in program/actions/mail/show.php.
Known exploited
CVSS Score
9.3
EPSS Score
0.876
Published
2024-08-05
CVE-2024-37383
Roundcube Webmail before 1.5.7 and 1.6.x before 1.6.7 allows XSS via SVG animate attributes.
Known exploited
CVSS Score
6.1
EPSS Score
0.619
Published
2024-06-07
Roundcube Webmail before 1.5.7 and 1.6.x before 1.6.7 allows XSS via list columns from user preferences.
CVSS Score
6.1
EPSS Score
0.002
Published
2024-06-07