Описание
An issue was discovered in Roundcube Webmail before 1.5.14 and 1.6.14. Insufficient Cascading Style Sheets (CSS) sanitization in HTML e-mail messages may lead to a fixed-position mitigation bypass via the use of !important.
Ссылки
- Patch
- Patch
- Patch
- Release Notes
- Release Notes
- Release Notes
- Vendor Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 1.5.13 (включая)Версия от 1.6.0 (включая) до 1.6.13 (включая)
Одно из
cpe:2.3:a:roundcube:webmail:*:*:*:*:*:*:*:*
cpe:2.3:a:roundcube:webmail:*:*:*:*:*:*:*:*
EPSS
Процентиль: 13%
0.00043
Низкий
5.3 Medium
CVSS3
Дефекты
CWE-669
Связанные уязвимости
CVSS3: 5.3
ubuntu
8 дней назад
An issue was discovered in Roundcube Webmail before 1.5.14 and 1.6.14. Insufficient Cascading Style Sheets (CSS) sanitization in HTML e-mail messages may lead to a fixed-position mitigation bypass via the use of !important.
CVSS3: 5.3
debian
8 дней назад
An issue was discovered in Roundcube Webmail before 1.5.14 and 1.6.14. ...
CVSS3: 5.3
github
8 дней назад
Roundcube Webmail: Insufficient CSS sanitization in HTML e-mail messages
EPSS
Процентиль: 13%
0.00043
Низкий
5.3 Medium
CVSS3
Дефекты
CWE-669