Roundcube

Webmail

68 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
3.5

CVE-2013-5646

Exploit
  • EPSS 0.16%
  • Published 29.08.2013 12:07:56
  • Last modified 11.04.2025 00:51:21

Cross-site scripting (XSS) vulnerability in Roundcube webmail 1.0-git allows remote authenticated users to inject arbitrary web script or HTML via the Name field of an addressbook group.

4.3

CVE-2012-6121

  • EPSS 0.41%
  • Published 24.02.2013 21:55:01
  • Last modified 11.04.2025 00:51:21

Cross-site scripting (XSS) vulnerability in Roundcube Webmail before 0.8.5 allows remote attackers to inject arbitrary web script or HTML via a (1) data:text or (2) vbscript link.

4.3

CVE-2012-4668

  • EPSS 5.06%
  • Published 25.08.2012 10:29:53
  • Last modified 11.04.2025 00:51:21

Cross-site scripting (XSS) vulnerability in Roundcube Webmail 0.8.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the signature in an email.

4.3

CVE-2012-3508

  • EPSS 10%
  • Published 25.08.2012 10:29:52
  • Last modified 11.04.2025 00:51:21

Cross-site scripting (XSS) vulnerability in program/lib/washtml.php in Roundcube Webmail 0.8.0 allows remote attackers to inject arbitrary web script or HTML by using "javascript:" in an href attribute in the body of an HTML-formatted email.

2.6

CVE-2012-3507

Exploit
  • EPSS 0.41%
  • Published 25.08.2012 10:29:52
  • Last modified 11.04.2025 00:51:21

Cross-site scripting (XSS) vulnerability in program/steps/mail/func.inc in RoundCube Webmail before 0.8.0, when using the Larry skin, allows remote attackers to inject arbitrary web script or HTML via the email message subject.

2.6

CVE-2012-1253

  • EPSS 0.25%
  • Published 04.06.2012 15:55:01
  • Last modified 11.04.2025 00:51:21

Cross-site scripting (XSS) vulnerability in Roundcube Webmail before 0.7, when Internet Explorer is used, allows remote attackers to inject arbitrary web script or HTML via vectors involving an embedded image attachment.

5

CVE-2011-4078

  • EPSS 0.86%
  • Published 03.11.2011 15:55:00
  • Last modified 11.04.2025 00:51:21

include/iniset.php in Roundcube Webmail 0.5.4 and earlier, when PHP 5.3.7 or 5.3.8 is used, allows remote attackers to trigger a GET request for an arbitrary URL, and cause a denial of service (resource consumption and inbox outage), via a Subject he...

4.3

CVE-2011-2937

Exploit
  • EPSS 0.67%
  • Published 21.09.2011 16:55:03
  • Last modified 11.04.2025 00:51:21

Cross-site scripting (XSS) vulnerability in the UI messages functionality in Roundcube Webmail before 0.5.4 allows remote attackers to inject arbitrary web script or HTML via the _mbox parameter to the default URI.

5.5

CVE-2011-1492

  • EPSS 0.39%
  • Published 08.04.2011 15:17:28
  • Last modified 11.04.2025 00:51:21

steps/utils/modcss.inc in Roundcube Webmail before 0.5.1 does not properly verify that a request is an expected request for an external Cascading Style Sheets (CSS) stylesheet, which allows remote authenticated users to trigger arbitrary outbound TCP...

3.5

CVE-2011-1491

  • EPSS 0.39%
  • Published 08.04.2011 15:17:28
  • Last modified 11.04.2025 00:51:21

The login form in Roundcube Webmail before 0.5.1 does not properly handle a correctly authenticated but unintended login attempt, which makes it easier for remote authenticated users to obtain sensitive information by arranging for a victim to login ...