RoundCube Webmail 1.4.5

CPE Details

RoundCube Webmail 1.4.5
roundcube
webmail
1.4.5
2020-06-09
09h51 +00:00
2022-03-10
13h34 +00:00
CPE NVD
Alerte pour un CPE
Stay informed of any changes for a specific CPE.
Notifications manage

CPE Name: cpe:2.3:a:roundcube:webmail:1.4.5:*:*:*:*:*:*:*

Informations

Vendor

roundcube

Product

webmail

Version

1.4.5

Related CVE

Open and find in CVE List

CVE ID Published Description Score Severity
CVE-2024-42008 2024-08-04 22h00 +00:00 A Cross-Site Scripting vulnerability in rcmail_action_mail_get->run() in Roundcube through 1.5.7 and 1.6.x through 1.6.7 allows a remote attacker to steal and send emails of a victim via a malicious e-mail attachment served with a dangerous Content-Type header.
9.3
Critical
CVE-2024-42009 2024-08-04 22h00 +00:00 A Cross-Site Scripting vulnerability in Roundcube through 1.5.7 and 1.6.x through 1.6.7 allows a remote attacker to steal and send emails of a victim via a crafted e-mail message that abuses a Desanitization issue in message_body() in program/actions/mail/show.php.
9.3
Critical
CVE-2024-37383 2024-06-06 22h00 +00:00 Roundcube Webmail before 1.5.7 and 1.6.x before 1.6.7 allows XSS via SVG animate attributes.
6.1
Medium
CVE-2023-5631 2023-10-18 14h51 +00:00 Roundcube before 1.4.15, 1.5.x before 1.5.5, and 1.6.x before 1.6.4 allows stored XSS via an HTML e-mail message with a crafted SVG document because of program/lib/Roundcube/rcube_washtml.php behavior. This could allow a remote attacker to load arbitrary JavaScript code.
6.1
Medium
CVE-2023-43770 2023-09-21 22h00 +00:00 Roundcube before 1.4.14, 1.5.x before 1.5.4, and 1.6.x before 1.6.3 allows XSS via text/plain e-mail messages with crafted links because of program/lib/Roundcube/rcube_string_replacer.php behavior.
6.1
Medium
CVE-2021-44026 2021-11-19 03h47 +00:00 Roundcube before 1.3.17 and 1.4.x before 1.4.12 is prone to a potential SQL injection via search or search_params.
9.8
Critical
CVE-2021-44025 2021-11-19 02h47 +00:00 Roundcube before 1.3.17 and 1.4.x before 1.4.12 is prone to XSS in handling an attachment's filename extension when displaying a MIME type warning message.
6.1
Medium
CVE-2021-26925 2021-02-09 07h53 +00:00 Roundcube before 1.4.11 allows XSS via crafted Cascading Style Sheets (CSS) token sequences during HTML email rendering.
5.4
Medium
CVE-2020-35730 2020-12-28 19h37 +00:00 An XSS issue was discovered in Roundcube Webmail before 1.2.13, 1.3.x before 1.3.16, and 1.4.x before 1.4.10. The attacker can send a plain text e-mail message, with JavaScript in a link reference element that is mishandled by linkref_addindex in rcube_string_replacer.php.
6.1
Medium
CVE-2020-16145 2020-08-12 10h29 +00:00 Roundcube Webmail before 1.3.15 and 1.4.8 allows stored XSS in HTML messages during message display via a crafted SVG document. This issue has been fixed in 1.4.8 and 1.3.15.
6.1
Medium
CVE-2020-15562 2020-07-06 09h26 +00:00 An issue was discovered in Roundcube Webmail before 1.2.11, 1.3.x before 1.3.14, and 1.4.x before 1.4.7. It allows XSS via a crafted HTML e-mail message, as demonstrated by a JavaScript payload in the xmlns (aka XML namespace) attribute of a HEAD element when an SVG element exists.
6.1
Medium