An issue was discovered in Roundcube Webmail before 1.4.4. A CSRF attack can cause an authenticated user to be logged out because POST was not considered.
Max CVSS
6.5
EPSS Score
3.06%
Published
2020-05-04
Updated
2022-09-02
Cross-site request forgery (CSRF) vulnerability in Roundcube Webmail before 1.1.5 allows remote attackers to hijack the authentication of users for requests that download attachments and cause a denial of service (disk consumption) via unspecified vectors.
Max CVSS
8.8
EPSS Score
11.24%
Published
2016-08-25
Updated
2018-10-30
Multiple cross-site request forgery (CSRF) vulnerabilities in Roundcube Webmail before 1.0.4 allow remote attackers to hijack the authentication of unspecified victims via unknown vectors, related to (1) address book operations or the (2) ACL or (3) Managesieve plugins.
Max CVSS
6.8
EPSS Score
0.19%
Published
2015-01-15
Updated
2015-01-16
The login form in Roundcube Webmail before 0.5.1 does not properly handle a correctly authenticated but unintended login attempt, which makes it easier for remote authenticated users to obtain sensitive information by arranging for a victim to login to the attacker's account and then compose an e-mail message, related to a "login CSRF" issue.
Max CVSS
3.5
EPSS Score
0.24%
Published
2011-04-08
Updated
2017-08-17
Cross-site request forgery (CSRF) vulnerability in Roundcube Webmail 0.2.2 and earlier allows remote attackers to hijack the authentication of unspecified users for requests that send arbitrary emails via unspecified vectors, a different vulnerability than CVE-2009-4076.
Max CVSS
6.8
EPSS Score
0.13%
Published
2009-11-25
Updated
2015-08-24
Cross-site request forgery (CSRF) vulnerability in Roundcube Webmail 0.2.2 and earlier allows remote attackers to hijack the authentication of unspecified users for requests that modify user information via unspecified vectors, a different vulnerability than CVE-2009-4077.
Max CVSS
6.8
EPSS Score
0.13%
Published
2009-11-25
Updated
2015-08-24
6 vulnerabilities found