Roundcube

Webmail

82 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
6.1

CVE-2016-4068

  • EPSS 0.41%
  • Veröffentlicht 13.04.2017 14:59:01
  • Zuletzt bearbeitet 13.05.2026 00:24:29

Cross-site scripting (XSS) vulnerability in Roundcube Webmail before 1.0.9 and 1.1.x before 1.1.5 allows remote attackers to inject arbitrary web script or HTML via a crafted SVG, a different vulnerability than CVE-2015-8864.

6.1

CVE-2017-6820

  • EPSS 0.56%
  • Veröffentlicht 12.03.2017 05:59:00
  • Zuletzt bearbeitet 13.05.2026 00:24:29

rcube_utils.php in Roundcube before 1.1.8 and 1.2.x before 1.2.4 is susceptible to a cross-site scripting vulnerability via a crafted Cascading Style Sheets (CSS) token sequence within an SVG element.

8.8

CVE-2015-2181

Exploit
  • EPSS 0.76%
  • Veröffentlicht 30.01.2017 22:59:00
  • Zuletzt bearbeitet 13.05.2026 00:24:29

Multiple buffer overflows in the DBMail driver in the Password plugin in Roundcube before 1.1.0 allow remote attackers to have unspecified impact via the (1) password or (2) username.

9

CVE-2015-2180

Exploit
  • EPSS 2.74%
  • Veröffentlicht 30.01.2017 22:59:00
  • Zuletzt bearbeitet 13.05.2026 00:24:29

The DBMail driver in the Password plugin in Roundcube before 1.1.0 allows remote attackers to execute arbitrary commands via shell metacharacters in the password.

6.1

CVE-2016-4552

Exploit
  • EPSS 0.28%
  • Veröffentlicht 20.12.2016 22:59:00
  • Zuletzt bearbeitet 06.05.2026 22:30:45

Cross-site scripting (XSS) vulnerability in Roundcube Webmail before 1.2.0 allows remote attackers to inject arbitrary web script or HTML via the href attribute in an area tag in an e-mail message.

7.5

CVE-2016-9920

Exploit
  • EPSS 38.3%
  • Veröffentlicht 08.12.2016 18:59:00
  • Zuletzt bearbeitet 06.05.2026 22:30:45

steps/mail/sendmail.inc in Roundcube before 1.1.7 and 1.2.x before 1.2.3, when no SMTP server is configured and the sendmail program is enabled, does not properly restrict the use of custom envelope-from addresses on the sendmail command line, which ...

8.8

CVE-2016-4069

  • EPSS 1.13%
  • Veröffentlicht 25.08.2016 18:59:00
  • Zuletzt bearbeitet 06.05.2026 22:30:45

Cross-site request forgery (CSRF) vulnerability in Roundcube Webmail before 1.1.5 allows remote attackers to hijack the authentication of users for requests that download attachments and cause a denial of service (disk consumption) via unspecified ve...

6.1

CVE-2015-8793

Exploit
  • EPSS 0.28%
  • Veröffentlicht 29.01.2016 19:59:05
  • Zuletzt bearbeitet 06.05.2026 22:30:45

Cross-site scripting (XSS) vulnerability in program/include/rcmail.php in Roundcube before 1.0.6 and 1.1.x before 1.1.2 allows remote attackers to inject arbitrary web script or HTML via the _mbox parameter in a mail task to the default URL, a differ...

3.5

CVE-2015-8105

  • EPSS 0.18%
  • Veröffentlicht 10.11.2015 17:59:13
  • Zuletzt bearbeitet 06.05.2026 22:30:45

Cross-site scripting (XSS) vulnerability in program/js/app.js in Roundcube webmail before 1.0.7 and 1.1.x before 1.1.3 allows remote authenticated users to inject arbitrary web script or HTML via the file name in a drag-n-drop file upload.

4.3

CVE-2015-1433

Exploit
  • EPSS 0.68%
  • Veröffentlicht 03.02.2015 16:59:24
  • Zuletzt bearbeitet 06.05.2026 22:30:45

program/lib/Roundcube/rcube_washtml.php in Roundcube before 1.0.5 does not properly quote strings, which allows remote attackers to conduct cross-site scripting (XSS) attacks via the style attribute in an email.