Описание
Roundcube before 1.4.11 allows XSS via crafted Cascading Style Sheets (CSS) token sequences during HTML email rendering.
Roundcube before 1.4.11 allows XSS via crafted Cascading Style Sheets (CSS) token sequences during HTML email rendering.
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2021-26925
- https://github.com/roundcube/roundcubemail/commit/9dc276d5f26042db02754fa1bac6fbd683c6d596
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5QPAMYM2DQODSCQIAVNFJR2ETG7WMJOD
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Q752JPOHTR6H72FK3EIPJZ5O24Z7RGLM
- https://roundcube.net/news/2021/02/08/security-update-1.4.11
Связанные уязвимости
CVSS3: 5.4
ubuntu
больше 4 лет назад
Roundcube before 1.4.11 allows XSS via crafted Cascading Style Sheets (CSS) token sequences during HTML email rendering.
CVSS3: 5.4
nvd
больше 4 лет назад
Roundcube before 1.4.11 allows XSS via crafted Cascading Style Sheets (CSS) token sequences during HTML email rendering.
CVSS3: 5.4
debian
больше 4 лет назад
Roundcube before 1.4.11 allows XSS via crafted Cascading Style Sheets ...