Roundcube » Roundcube Webmail : Security Vulnerabilities, CVEs, (XSS)
Cross-site scripting (XSS) vulnerability in Roundcube Webmail before 1.0.9 and 1.1.x before 1.1.5 allows remote attackers to inject arbitrary web script or HTML via a crafted SVG, a different vulnerability than CVE-2015-8864.
Max CVSS
6.1
EPSS Score
0.17%
Published
2017-04-13
Updated
2018-10-30
Cross-site scripting (XSS) vulnerability in Roundcube Webmail before 1.0.9 and 1.1.x before 1.1.5 allows remote attackers to inject arbitrary web script or HTML via a crafted SVG, a different vulnerability than CVE-2016-4068.
Max CVSS
6.1
EPSS Score
0.17%
Published
2017-04-13
Updated
2018-10-30
Cross-site scripting (XSS) vulnerability in program/include/rcmail.php in Roundcube Webmail 1.1.x before 1.1.2 allows remote attackers to inject arbitrary web script or HTML via the _mbox parameter to the default URI.
Max CVSS
6.1
EPSS Score
0.23%
Published
2017-05-23
Updated
2018-10-30
3 vulnerabilities found