CVE-2020-16145

Опубликовано: 12 авг. 2020

Источник: nvd

CVSS3: 6.1

CVSS2: 4.3

EPSS Низкий

Описание

Roundcube Webmail before 1.3.15 and 1.4.8 allows stored XSS in HTML messages during message display via a crafted SVG document. This issue has been fixed in 1.4.8 and 1.3.15.

Ссылки

http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00083.html
Broken Link
https://github.com/roundcube/roundcubemail/commit/a71bf2e8d4a64ff2c83fdabc1e8cb0c045a41ef4
Patch
Third Party Advisory
https://github.com/roundcube/roundcubemail/commit/d44ca2308a96576b88d6bf27528964d4fe1a6b8b#diff-d3bb3391c79904494c60ee2ac2f33070
Patch
Third Party Advisory
https://github.com/roundcube/roundcubemail/releases/tag/1.3.15
Third Party Advisory
https://github.com/roundcube/roundcubemail/releases/tag/1.4.8
Release Notes
Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3DAXK3565NYK4OEZVTW6S5LEVIDQEY2E/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OBLUQRIBAMEQVBO6GUZECCHJDJIWCYFU/
http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00083.html
Broken Link
https://github.com/roundcube/roundcubemail/commit/a71bf2e8d4a64ff2c83fdabc1e8cb0c045a41ef4
Patch
Third Party Advisory
https://github.com/roundcube/roundcubemail/commit/d44ca2308a96576b88d6bf27528964d4fe1a6b8b#diff-d3bb3391c79904494c60ee2ac2f33070
Patch
Third Party Advisory
https://github.com/roundcube/roundcubemail/releases/tag/1.3.15
Third Party Advisory
https://github.com/roundcube/roundcubemail/releases/tag/1.4.8
Release Notes
Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3DAXK3565NYK4OEZVTW6S5LEVIDQEY2E/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OBLUQRIBAMEQVBO6GUZECCHJDJIWCYFU/

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:roundcube:webmail:*:*:*:*:*:*:*:*

Версия до 1.3.15 (исключая)

cpe:2.3:a:roundcube:webmail:*:*:*:*:*:*:*:*

Версия от 1.4.0 (включая) до 1.4.8 (исключая)

Конфигурация 2

Одно из

cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*

cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*

EPSS

Процентиль: 72%

0.00704

Низкий

6.1 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-79

Связанные уязвимости

CVE-2020-16145

CVSS3: 6.1

ubuntu

больше 5 лет назад

Roundcube Webmail before 1.3.15 and 1.4.8 allows stored XSS in HTML messages during message display via a crafted SVG document. This issue has been fixed in 1.4.8 and 1.3.15.

CVE-2020-16145

CVSS3: 6.1

debian

больше 5 лет назад

Roundcube Webmail before 1.3.15 and 1.4.8 allows stored XSS in HTML me ...

GHSA-fjwm-m9vj-wvr8

CVSS3: 6.1

github

больше 3 лет назад

Roundcube Webmail before 1.4.8 allows stored XSS in HTML messages during message display via a crafted SVG document.

BDU:2020-04501

CVSS3: 6.1

fstec

больше 5 лет назад

Уязвимость функции wash_uri (rcube_washtml.php) почтового клиента RoundCube Webmail, связанная с недостатками используемых мер по защите структур веб-страницы, позволяющая нарушителю нарушить целостность данных

openSUSE-SU-2022:10148-1

suse-cvrf

больше 3 лет назад

Security update for roundcubemail

EPSS

Процентиль: 72%

0.00704

Низкий

6.1 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-79