Description
Roundcube Webmail before 1.5.13 and 1.6 before 1.6.13 allows Cascading Style Sheets (CSS) injection, e.g., because comments are mishandled.
A flaw was found in Roundcube Webmail. This vulnerability allows for Cascading Style Sheets (CSS) injection, a technique where an attacker can inject malicious styling code into a web page. This occurs due to the application mishandling comments. Successful exploitation could lead to the disclosure of sensitive information.
Report
MODERATE: This flaw in Roundcube Webmail allows for Cascading Style Sheets (CSS) injection due to mishandled comments. This could potentially lead to information disclosure or defacement within the webmail interface when processing specially crafted email content.
Mitigation
For deployments of Roundcube Webmail, restrict access to the webmail interface to trusted networks or users. Additionally, users should exercise caution when opening emails from untrusted or suspicious sources, as this vulnerability requires processing of malicious CSS within email content.
Additional information
CVSS3: 4.7 Medium