Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Webmail
(Roundcube)| Repositories |
• https://github.com/roundcube/roundcubemail
• https://github.com/PHPMailer/PHPMailer |
| #Vulnerabilities | 67 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2024-08-05 | CVE-2024-42009 | A Cross-Site Scripting vulnerability in Roundcube through 1.5.7 and 1.6.x through 1.6.7 allows a remote attacker to steal and send emails of a victim via a crafted e-mail message that abuses a Desanitization issue in message_body() in program/actions/mail/show.php. | Webmail | 9.3 | ||
| 2024-06-07 | CVE-2024-37384 | Roundcube Webmail before 1.5.7 and 1.6.x before 1.6.7 allows XSS via list columns from user preferences. | Debian_linux, Webmail | N/A | ||
| 2024-06-07 | CVE-2024-37385 | Roundcube Webmail before 1.5.7 and 1.6.x before 1.6.7 on Windows allows command injection via im_convert_path and im_identify_path. NOTE: this issue exists because of an incomplete fix for CVE-2020-12641. | Webmail | N/A |