RoundCube Webmail 1.6.6

CPE Details

RoundCube Webmail 1.6.6
roundcube
webmail
1.6.6
2025-01-14
15h09 +00:00
2025-01-14
15h09 +00:00
CPE NVD
Alerte pour un CPE
Restez informé de toutes modifications pour un CPE spécifique.
Gestion des notifications

CPE Name: cpe:2.3:a:roundcube:webmail:1.6.6:*:*:*:*:*:*:*

Informations

Vendor

roundcube

Product

webmail

Version

1.6.6

Related CVE

Open and find in CVE List

CVE ID Publié Description Score Gravité
CVE-2024-42008 2024-08-05 00h00 +00:00 A Cross-Site Scripting vulnerability in rcmail_action_mail_get->run() in Roundcube through 1.5.7 and 1.6.x through 1.6.7 allows a remote attacker to steal and send emails of a victim via a malicious e-mail attachment served with a dangerous Content-Type header.
9.3
Critique
CVE-2024-42009 2024-08-05 00h00 +00:00 A Cross-Site Scripting vulnerability in Roundcube through 1.5.7 and 1.6.x through 1.6.7 allows a remote attacker to steal and send emails of a victim via a crafted e-mail message that abuses a Desanitization issue in message_body() in program/actions/mail/show.php.
9.3
Critique
CVE-2024-37383 2024-06-06 22h00 +00:00 Roundcube Webmail before 1.5.7 and 1.6.x before 1.6.7 allows XSS via SVG animate attributes.
6.1
Moyen