Описание
Roundcube before 1.4.11 allows XSS via crafted Cascading Style Sheets (CSS) token sequences during HTML email rendering.
Roundcube before 1.4.11 allows XSS via crafted Cascading Style Sheets (CSS) token sequences during HTML email rendering.
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2021-26925
- https://github.com/roundcube/roundcubemail/commit/9dc276d5f26042db02754fa1bac6fbd683c6d596
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5QPAMYM2DQODSCQIAVNFJR2ETG7WMJOD
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Q752JPOHTR6H72FK3EIPJZ5O24Z7RGLM
- https://roundcube.net/news/2021/02/08/security-update-1.4.11
Связанные уязвимости
CVSS3: 5.4
ubuntu
почти 5 лет назад
Roundcube before 1.4.11 allows XSS via crafted Cascading Style Sheets (CSS) token sequences during HTML email rendering.
CVSS3: 5.4
nvd
почти 5 лет назад
Roundcube before 1.4.11 allows XSS via crafted Cascading Style Sheets (CSS) token sequences during HTML email rendering.
CVSS3: 5.4
debian
почти 5 лет назад
Roundcube before 1.4.11 allows XSS via crafted Cascading Style Sheets ...