CPE-755E6C41-9784-481E-BEDD-7A85AF1E43F4 Detail

CPE Details

RoundCube Webmail 0.8.1

Vendor

roundcube

Product

webmail

Version

0.8.1

Created

2012-08-27
14h16 +00:00

Modified

2022-03-10
13h30 +00:00

Official links

CPE NVD

Alerte pour un CPE

Stay informed of any changes for a specific CPE.

Notifications manage

List of Notifications

Alerte pour un CPE

Stay informed of any changes for a specific CPE.

Parameters

You can specify a title that will be retrieved in the alerts that will be sent out.

CPE ID

Planning

Month

Next run calculation

Day

Weekday

Hour

Minute

Creation date

Last execution

Next execution

Functionality requiring a connection

This feature, which allows you to receive alerts, is only active when you are logged into your account.

CPE Name: cpe:2.3:a:roundcube:webmail:0.8.1:::::::*

Informations

Vendor

roundcube

Product

webmail

Version

0.8.1

Related CVE

Open and find in CVE List

CVE ID	Published	Description	Score	Severity
CVE-2024-42008	2024-08-04 22h00 +00:00	A Cross-Site Scripting vulnerability in rcmail_action_mail_get->run() in Roundcube through 1.5.7 and 1.6.x through 1.6.7 allows a remote attacker to steal and send emails of a victim via a malicious e-mail attachment served with a dangerous Content-Type header.	9.3	Critical
CVE-2024-42009	2024-08-04 22h00 +00:00	A Cross-Site Scripting vulnerability in Roundcube through 1.5.7 and 1.6.x through 1.6.7 allows a remote attacker to steal and send emails of a victim via a crafted e-mail message that abuses a Desanitization issue in message_body() in program/actions/mail/show.php.	9.3	Critical
CVE-2024-37383	2024-06-06 22h00 +00:00	Roundcube Webmail before 1.5.7 and 1.6.x before 1.6.7 allows XSS via SVG animate attributes.	6.1	Medium
CVE-2023-5631	2023-10-18 14h51 +00:00	Roundcube before 1.4.15, 1.5.x before 1.5.5, and 1.6.x before 1.6.4 allows stored XSS via an HTML e-mail message with a crafted SVG document because of program/lib/Roundcube/rcube_washtml.php behavior. This could allow a remote attacker to load arbitrary JavaScript code.	6.1	Medium
CVE-2023-43770	2023-09-21 22h00 +00:00	Roundcube before 1.4.14, 1.5.x before 1.5.4, and 1.6.x before 1.6.3 allows XSS via text/plain e-mail messages with crafted links because of program/lib/Roundcube/rcube_string_replacer.php behavior.	6.1	Medium
CVE-2021-44026	2021-11-19 03h47 +00:00	Roundcube before 1.3.17 and 1.4.x before 1.4.12 is prone to a potential SQL injection via search or search_params.	9.8	Critical
CVE-2021-44025	2021-11-19 02h47 +00:00	Roundcube before 1.3.17 and 1.4.x before 1.4.12 is prone to XSS in handling an attachment's filename extension when displaying a MIME type warning message.	6.1	Medium
CVE-2020-18671	2021-06-24 16h14 +00:00	Cross Site Scripting (XSS) vulnerability in Roundcube Mail <=1.4.4 via smtp config in /installer/test.php.	5.4	Medium
CVE-2021-26925	2021-02-09 07h53 +00:00	Roundcube before 1.4.11 allows XSS via crafted Cascading Style Sheets (CSS) token sequences during HTML email rendering.	5.4	Medium
CVE-2020-35730	2020-12-28 19h37 +00:00	An XSS issue was discovered in Roundcube Webmail before 1.2.13, 1.3.x before 1.3.16, and 1.4.x before 1.4.10. The attacker can send a plain text e-mail message, with JavaScript in a link reference element that is mishandled by linkref_addindex in rcube_string_replacer.php.	6.1	Medium
CVE-2020-16145	2020-08-12 10h29 +00:00	Roundcube Webmail before 1.3.15 and 1.4.8 allows stored XSS in HTML messages during message display via a crafted SVG document. This issue has been fixed in 1.4.8 and 1.3.15.	6.1	Medium
CVE-2020-15562	2020-07-06 09h26 +00:00	An issue was discovered in Roundcube Webmail before 1.2.11, 1.3.x before 1.3.14, and 1.4.x before 1.4.7. It allows XSS via a crafted HTML e-mail message, as demonstrated by a JavaScript payload in the xmlns (aka XML namespace) attribute of a HEAD element when an SVG element exists.	6.1	Medium
CVE-2020-13964	2020-06-09 00h45 +00:00	An issue was discovered in Roundcube Webmail before 1.3.12 and 1.4.x before 1.4.5. include/rcmail_output_html.php allows XSS via the username template object.	6.1	Medium
CVE-2020-13965	2020-06-09 00h45 +00:00	An issue was discovered in Roundcube Webmail before 1.3.12 and 1.4.x before 1.4.5. There is XSS via a malicious XML attachment because text/xml is among the allowed types for a preview.	6.3	Medium
CVE-2020-12625	2020-05-03 23h57 +00:00	An issue was discovered in Roundcube Webmail before 1.4.4. There is a cross-site scripting (XSS) vulnerability in rcube_washtml.php because JavaScript code can occur in the CDATA of an HTML message.	6.1	Medium
CVE-2020-12626	2020-05-03 23h57 +00:00	An issue was discovered in Roundcube Webmail before 1.4.4. A CSRF attack can cause an authenticated user to be logged out because POST was not considered.	6.5	Medium
CVE-2019-15237	2019-08-19 22h39 +00:00	Roundcube Webmail through 1.3.9 mishandles Punycode xn-- domain names, leading to homograph attacks.	7.4	High
CVE-2019-10740	2019-04-07 12h36 +00:00	In Roundcube Webmail before 1.3.10, an attacker in possession of S/MIME or PGP encrypted emails can wrap them as sub-parts within a crafted multipart email. The encrypted part(s) can further be hidden using HTML/CSS or ASCII newline characters. This modified multipart email can be re-sent by the attacker to the intended receiver. If the receiver replies to this (benign looking) email, they unknowingly leak the plaintext of the encrypted message part(s) back to the attacker.	4.3	Medium
CVE-2018-19205	2018-11-12 17h00 +00:00	Roundcube before 1.3.7 mishandles GnuPG MDC integrity-protection warnings, which makes it easier for attackers to obtain sensitive information, a related issue to CVE-2017-17688. This is associated with plugins/enigma/lib/enigma_driver_gnupg.php.	7.5	High
CVE-2018-19206	2018-11-12 16h00 +00:00	steps/mail/func.inc in Roundcube before 1.3.8 has XSS via crafted use of	6.1	Medium
CVE-2018-1000071	2018-03-13 14h00 +00:00	roundcube version 1.3.4 and earlier contains an Insecure Permissions vulnerability in enigma plugin that can result in exfiltration of gpg private key. This attack appear to be exploitable via network connectivity.	7.5	High
CVE-2017-16651	2017-11-09 14h00 +00:00	Roundcube Webmail before 1.1.10, 1.2.x before 1.2.7, and 1.3.x before 1.3.3 allows unauthorized access to arbitrary files on the host's filesystem, including configuration files, as exploited in the wild in November 2017. The attacker must be able to authenticate at the target system with a valid username/password as the attack requires an active session. The issue is related to file-based attachment plugins and _task=settings&_action=upload-display&_from=timezone requests.	7.8	High
CVE-2017-8114	2017-04-29 17h00 +00:00	Roundcube Webmail allows arbitrary password resets by authenticated users. This affects versions before 1.0.11, 1.1.x before 1.1.9, and 1.2.x before 1.2.5. The problem is caused by an improperly restricted exec call in the virtualmin and sasl drivers of the password plugin.	8.8	High
CVE-2015-8864	2017-04-13 12h00 +00:00	Cross-site scripting (XSS) vulnerability in Roundcube Webmail before 1.0.9 and 1.1.x before 1.1.5 allows remote attackers to inject arbitrary web script or HTML via a crafted SVG, a different vulnerability than CVE-2016-4068.	6.1	Medium
CVE-2016-4068	2017-04-13 12h00 +00:00	Cross-site scripting (XSS) vulnerability in Roundcube Webmail before 1.0.9 and 1.1.x before 1.1.5 allows remote attackers to inject arbitrary web script or HTML via a crafted SVG, a different vulnerability than CVE-2015-8864.	6.1	Medium
CVE-2017-6820	2017-03-12 03h57 +00:00	rcube_utils.php in Roundcube before 1.1.8 and 1.2.x before 1.2.4 is susceptible to a cross-site scripting vulnerability via a crafted Cascading Style Sheets (CSS) token sequence within an SVG element.	6.1	Medium
CVE-2015-2181	2017-01-30 21h00 +00:00	Multiple buffer overflows in the DBMail driver in the Password plugin in Roundcube before 1.1.0 allow remote attackers to have unspecified impact via the (1) password or (2) username.	8.8	High
CVE-2016-9920	2016-12-08 17h00 +00:00	steps/mail/sendmail.inc in Roundcube before 1.1.7 and 1.2.x before 1.2.3, when no SMTP server is configured and the sendmail program is enabled, does not properly restrict the use of custom envelope-from addresses on the sendmail command line, which allows remote authenticated users to execute arbitrary code via a modified HTTP request that sends a crafted e-mail message.	7.5	High
CVE-2016-4069	2016-08-25 16h00 +00:00	Cross-site request forgery (CSRF) vulnerability in Roundcube Webmail before 1.1.5 allows remote attackers to hijack the authentication of users for requests that download attachments and cause a denial of service (disk consumption) via unspecified vectors.	8.8	High
CVE-2015-8793	2016-01-29 19h00 +00:00	Cross-site scripting (XSS) vulnerability in program/include/rcmail.php in Roundcube before 1.0.6 and 1.1.x before 1.1.2 allows remote attackers to inject arbitrary web script or HTML via the _mbox parameter in a mail task to the default URL, a different vulnerability than CVE-2011-2937.	6.1	Medium
CVE-2015-8105	2015-11-10 15h00 +00:00	Cross-site scripting (XSS) vulnerability in program/js/app.js in Roundcube webmail before 1.0.7 and 1.1.x before 1.1.3 allows remote authenticated users to inject arbitrary web script or HTML via the file name in a drag-n-drop file upload.	3.5
CVE-2015-1433	2015-02-03 15h00 +00:00	program/lib/Roundcube/rcube_washtml.php in Roundcube before 1.0.5 does not properly quote strings, which allows remote attackers to conduct cross-site scripting (XSS) attacks via the style attribute in an email.	4.3
CVE-2014-9587	2015-01-15 14h00 +00:00	Multiple cross-site request forgery (CSRF) vulnerabilities in Roundcube Webmail before 1.0.4 allow remote attackers to hijack the authentication of unspecified victims via unknown vectors, related to (1) address book operations or the (2) ACL or (3) Managesieve plugins.	6.8
CVE-2013-1904	2014-02-07 23h00 +00:00	Absolute path traversal vulnerability in steps/mail/sendmail.inc in Roundcube Webmail before 0.7.3 and 0.8.x before 0.8.6 allows remote attackers to read arbitrary files via a full pathname in the _value parameter for the generic_message_footer setting in a save-perf action to index.php, as exploited in the wild in March 2013.	5
CVE-2013-6172	2013-11-05 17h00 +00:00	steps/utils/save_pref.inc in Roundcube webmail before 0.8.7 and 0.9.x before 0.9.5 allows remote attackers to modify configuration settings via the _session parameter, which can be leveraged to read arbitrary files, conduct SQL injection attacks, and execute arbitrary code.	7.5
CVE-2013-5645	2013-08-29 08h00 +00:00	Multiple cross-site scripting (XSS) vulnerabilities in Roundcube webmail before 0.9.3 allow user-assisted remote attackers to inject arbitrary web script or HTML via the body of a message visited in (1) new or (2) draft mode, related to compose.inc; and (3) might allow remote authenticated users to inject arbitrary web script or HTML via an HTML signature, related to save_identity.inc.	4.3
CVE-2012-6121	2013-02-24 20h00 +00:00	Cross-site scripting (XSS) vulnerability in Roundcube Webmail before 0.8.5 allows remote attackers to inject arbitrary web script or HTML via a (1) data:text or (2) vbscript link.	4.3
CVE-2012-4668	2012-08-25 10h00 +00:00	Cross-site scripting (XSS) vulnerability in Roundcube Webmail 0.8.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the signature in an email.	4.3

RoundCube Webmail 0.8.1

CPE Details

CPE Name: cpe:2.3:a:roundcube:webmail:0.8.1:*:*:*:*:*:*:*

Informations

Vendor

Product

Version

Related CVE

CPE Name: cpe:2.3:a:roundcube:webmail:0.8.1:::::::*