Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

debian логотип

CVE-2024-42008

Опубликовано: 05 авг. 2024
Источник: debian
EPSS Низкий

Описание

A Cross-Site Scripting vulnerability in rcmail_action_mail_get->run() in Roundcube through 1.5.7 and 1.6.x through 1.6.7 allows a remote attacker to steal and send emails of a victim via a malicious e-mail attachment served with a dangerous Content-Type header.

Пакеты

ПакетСтатусВерсия исправленияРелизТип
roundcubefixed1.6.8+dfsg-1package

Примечания

  • https://github.com/roundcube/roundcubemail/commit/89c8fe9ae9318c015807fbcbf7e39555fb30885d

  • Regression/follow-up: https://github.com/roundcube/roundcubemail/commit/32fed15346e5b842042e5dd1001d6878225c5367

EPSS

Процентиль: 88%
0.04154
Низкий

Связанные уязвимости

ubuntu логотип

CVE-2024-42008

CVSS3: 9.3
ubuntu
11 месяцев назад

A Cross-Site Scripting vulnerability in rcmail_action_mail_get->run() in Roundcube through 1.5.7 and 1.6.x through 1.6.7 allows a remote attacker to steal and send emails of a victim via a malicious e-mail attachment served with a dangerous Content-Type header.

nvd логотип

CVE-2024-42008

CVSS3: 9.3
nvd
11 месяцев назад

A Cross-Site Scripting vulnerability in rcmail_action_mail_get->run() in Roundcube through 1.5.7 and 1.6.x through 1.6.7 allows a remote attacker to steal and send emails of a victim via a malicious e-mail attachment served with a dangerous Content-Type header.

github логотип

GHSA-78jf-j6qx-c7j3

CVSS3: 9.3
github
11 месяцев назад

A Cross-Site Scripting vulnerability in rcmail_action_mail_get->run() in Roundcube through 1.5.7 and 1.6.x through 1.6.7 allows a remote attacker to steal and send emails of a victim via a malicious e-mail attachment served with a dangerous Content-Type header.

fstec логотип

BDU:2024-06254

CVSS3: 6.1
fstec
около 1 года назад

Уязвимость функции rcmail_action_mail_get->run() почтового клиента RoundCube Webmail, позволяющая нарушителю провести атаку межсайтового скриптинга (XSS)

suse-cvrf логотип

openSUSE-SU-2024:0328-1

suse-cvrf
9 месяцев назад

Security update for roundcubemail

EPSS

Процентиль: 88%
0.04154
Низкий