Roundcube Webmail 1.6.0 Beta

CPE Details

Roundcube Webmail 1.6.0 Beta
roundcube
webmail
1.6.0
2023-10-24
14h31 +00:00
2023-10-24
14h31 +00:00
CPE NVD
Alerte pour un CPE
Restez informé de toutes modifications pour un CPE spécifique.
Gestion des notifications

CPE Name: cpe:2.3:a:roundcube:webmail:1.6.0:beta:*:*:*:*:*:*

Informations

Vendor

roundcube

Product

webmail

Version

1.6.0

Update

beta

Related CVE

Open and find in CVE List

CVE ID Publié Description Score Gravité
CVE-2024-42008 2024-08-05 00h00 +00:00 A Cross-Site Scripting vulnerability in rcmail_action_mail_get->run() in Roundcube through 1.5.7 and 1.6.x through 1.6.7 allows a remote attacker to steal and send emails of a victim via a malicious e-mail attachment served with a dangerous Content-Type header.
9.3
Critique
CVE-2024-42009 2024-08-05 00h00 +00:00 A Cross-Site Scripting vulnerability in Roundcube through 1.5.7 and 1.6.x through 1.6.7 allows a remote attacker to steal and send emails of a victim via a crafted e-mail message that abuses a Desanitization issue in message_body() in program/actions/mail/show.php.
9.3
Critique
CVE-2024-37383 2024-06-06 22h00 +00:00 Roundcube Webmail before 1.5.7 and 1.6.x before 1.6.7 allows XSS via SVG animate attributes.
6.1
Moyen
CVE-2023-47272 2023-11-04 23h00 +00:00 Roundcube 1.5.x before 1.5.6 and 1.6.x before 1.6.5 allows XSS via a Content-Type or Content-Disposition header (used for attachment preview or download).
6.1
Moyen
CVE-2023-5631 2023-10-18 14h51 +00:00 Roundcube before 1.4.15, 1.5.x before 1.5.5, and 1.6.x before 1.6.4 allows stored XSS via an HTML e-mail message with a crafted SVG document because of program/lib/Roundcube/rcube_washtml.php behavior. This could allow a remote attacker to load arbitrary JavaScript code.
6.1
Moyen
CVE-2023-43770 2023-09-21 22h00 +00:00 Roundcube before 1.4.14, 1.5.x before 1.5.4, and 1.6.x before 1.6.3 allows XSS via text/plain e-mail messages with crafted links because of program/lib/Roundcube/rcube_string_replacer.php behavior.
6.1
Moyen
Les informations affichées sur CVE Find proviennent de plusieurs sources de référence rigoureusement sélectionnées. Les données CVE sont fournies par MITRE Corporation et la National Vulnerability Database (NVD). Le catalogue des vulnérabilités activement exploitées (KEV) provient de la Cybersecurity and Infrastructure Security Agency (CISA), tandis que les scores EPSS sont issus de FIRST.org. Enfin, les données relatives aux faiblesses logicielles (CWE) et aux schémas d'attaque courants (CAPEC) sont maintenues par MITRE Corporation, et les informations sur les configurations logicielles et matérielles (CPE) proviennent du NVD.