Roundcube

Webmail

73 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
4.3

CVE-2015-1433

Exploit
  • EPSS 0.68%
  • Veröffentlicht 03.02.2015 16:59:24
  • Zuletzt bearbeitet 12.04.2025 10:46:40

program/lib/Roundcube/rcube_washtml.php in Roundcube before 1.0.5 does not properly quote strings, which allows remote attackers to conduct cross-site scripting (XSS) attacks via the style attribute in an email.

6.8

CVE-2014-9587

  • EPSS 3.65%
  • Veröffentlicht 15.01.2015 15:59:21
  • Zuletzt bearbeitet 12.04.2025 10:46:40

Multiple cross-site request forgery (CSRF) vulnerabilities in Roundcube Webmail before 1.0.4 allow remote attackers to hijack the authentication of unspecified victims via unknown vectors, related to (1) address book operations or the (2) ACL or (3) ...

5

CVE-2013-1904

  • EPSS 0.34%
  • Veröffentlicht 08.02.2014 00:55:05
  • Zuletzt bearbeitet 11.04.2025 00:51:21

Absolute path traversal vulnerability in steps/mail/sendmail.inc in Roundcube Webmail before 0.7.3 and 0.8.x before 0.8.6 allows remote attackers to read arbitrary files via a full pathname in the _value parameter for the generic_message_footer setti...

7.5

CVE-2013-6172

  • EPSS 1.11%
  • Veröffentlicht 05.11.2013 18:55:06
  • Zuletzt bearbeitet 11.04.2025 00:51:21

steps/utils/save_pref.inc in Roundcube webmail before 0.8.7 and 0.9.x before 0.9.5 allows remote attackers to modify configuration settings via the _session parameter, which can be leveraged to read arbitrary files, conduct SQL injection attacks, and...

3.5

CVE-2013-5646

Exploit
  • EPSS 0.16%
  • Veröffentlicht 29.08.2013 12:07:56
  • Zuletzt bearbeitet 11.04.2025 00:51:21

Cross-site scripting (XSS) vulnerability in Roundcube webmail 1.0-git allows remote authenticated users to inject arbitrary web script or HTML via the Name field of an addressbook group.

4.3

CVE-2013-5645

Exploit
  • EPSS 0.31%
  • Veröffentlicht 29.08.2013 12:07:56
  • Zuletzt bearbeitet 11.04.2025 00:51:21

Multiple cross-site scripting (XSS) vulnerabilities in Roundcube webmail before 0.9.3 allow user-assisted remote attackers to inject arbitrary web script or HTML via the body of a message visited in (1) new or (2) draft mode, related to compose.inc; ...

4.3

CVE-2012-6121

  • EPSS 0.41%
  • Veröffentlicht 24.02.2013 21:55:01
  • Zuletzt bearbeitet 11.04.2025 00:51:21

Cross-site scripting (XSS) vulnerability in Roundcube Webmail before 0.8.5 allows remote attackers to inject arbitrary web script or HTML via a (1) data:text or (2) vbscript link.

4.3

CVE-2012-4668

  • EPSS 5.06%
  • Veröffentlicht 25.08.2012 10:29:53
  • Zuletzt bearbeitet 11.04.2025 00:51:21

Cross-site scripting (XSS) vulnerability in Roundcube Webmail 0.8.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the signature in an email.

4.3

CVE-2012-3508

  • EPSS 10%
  • Veröffentlicht 25.08.2012 10:29:52
  • Zuletzt bearbeitet 11.04.2025 00:51:21

Cross-site scripting (XSS) vulnerability in program/lib/washtml.php in Roundcube Webmail 0.8.0 allows remote attackers to inject arbitrary web script or HTML by using "javascript:" in an href attribute in the body of an HTML-formatted email.

2.6

CVE-2012-3507

Exploit
  • EPSS 0.41%
  • Veröffentlicht 25.08.2012 10:29:52
  • Zuletzt bearbeitet 11.04.2025 00:51:21

Cross-site scripting (XSS) vulnerability in program/steps/mail/func.inc in RoundCube Webmail before 0.8.0, when using the Larry skin, allows remote attackers to inject arbitrary web script or HTML via the email message subject.