Roundcube

Webmail

91 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
Exploit
  • EPSS 2.45%
  • Veröffentlicht 21.09.2011 16:55:03
  • Zuletzt bearbeitet 16.06.2026 23:32:17

Cross-site scripting (XSS) vulnerability in the UI messages functionality in Roundcube Webmail before 0.5.4 allows remote attackers to inject arbitrary web script or HTML via the _mbox parameter to the default URI.

  • EPSS 1.76%
  • Veröffentlicht 08.04.2011 15:17:28
  • Zuletzt bearbeitet 16.06.2026 23:29:29

steps/utils/modcss.inc in Roundcube Webmail before 0.5.1 does not properly verify that a request is an expected request for an external Cascading Style Sheets (CSS) stylesheet, which allows remote authenticated users to trigger arbitrary outbound TCP...

  • EPSS 1.52%
  • Veröffentlicht 08.04.2011 15:17:28
  • Zuletzt bearbeitet 16.06.2026 23:29:29

The login form in Roundcube Webmail before 0.5.1 does not properly handle a correctly authenticated but unintended login attempt, which makes it easier for remote authenticated users to obtain sensitive information by arranging for a victim to login ...

  • EPSS 1.96%
  • Veröffentlicht 29.01.2010 18:30:01
  • Zuletzt bearbeitet 16.06.2026 23:16:13

Roundcube 0.3.1 and earlier does not request that the web browser avoid DNS prefetching of domain names contained in e-mail messages, which makes it easier for remote attackers to determine the network location of the webmail user by logging DNS requ...

  • EPSS 1.34%
  • Veröffentlicht 25.11.2009 22:00:00
  • Zuletzt bearbeitet 16.06.2026 23:12:59

Cross-site request forgery (CSRF) vulnerability in Roundcube Webmail 0.2.2 and earlier allows remote attackers to hijack the authentication of unspecified users for requests that send arbitrary emails via unspecified vectors, a different vulnerabilit...

  • EPSS 1.34%
  • Veröffentlicht 25.11.2009 22:00:00
  • Zuletzt bearbeitet 16.06.2026 23:12:59

Cross-site request forgery (CSRF) vulnerability in Roundcube Webmail 0.2.2 and earlier allows remote attackers to hijack the authentication of unspecified users for requests that modify user information via unspecified vectors, a different vulnerabil...

  • EPSS 1.98%
  • Veröffentlicht 03.02.2009 23:30:00
  • Zuletzt bearbeitet 16.06.2026 23:04:59

Cross-site scripting (XSS) vulnerability in RoundCube Webmail (roundcubemail) 0.2 stable allows remote attackers to inject arbitrary web script or HTML via the background attribute embedded in an HTML e-mail message.

  • EPSS 2.58%
  • Veröffentlicht 17.12.2008 02:30:00
  • Zuletzt bearbeitet 16.06.2026 23:00:40

RoundCube Webmail (roundcubemail) before 0.2-beta allows remote attackers to cause a denial of service (memory consumption) via crafted size parameters that are used to create a large quota image.

Exploit
  • EPSS 54%
  • Veröffentlicht 17.12.2008 02:30:00
  • Zuletzt bearbeitet 16.06.2026 23:00:40

html2text.php in Chuggnutt HTML to Text Converter, as used in PHPMailer before 5.2.10, RoundCube Webmail (roundcubemail) 0.2-1.alpha and 0.2-3.beta, Mahara, and AtMail Open 1.03, allows remote attackers to execute arbitrary code via crafted input tha...

Exploit
  • EPSS 5.44%
  • Veröffentlicht 12.12.2007 01:46:00
  • Zuletzt bearbeitet 16.06.2026 22:47:49

Cross-site scripting (XSS) vulnerability in RoundCube webmail 0.1rc2, 2007-12-09, and earlier versions, when using Internet Explorer, allows remote attackers to inject arbitrary web script or HTML via style sheets containing expression commands.