CVE-2018-19206

Опубликовано: 12 нояб. 2018

Источник: ubuntu

Приоритет: medium

CVSS2: 4.3

CVSS3: 6.1

Описание

steps/mail/func.inc in Roundcube before 1.3.8 has XSS via crafted use of , as demonstrated by an onload attribute in a BODY element, within an HTML attachment.

Релиз	Статус	Примечание
bionic	ignored	end of standard support, was needed
cosmic	ignored	end of life
devel	not-affected	1.3.8+dfsg.1-2
disco	not-affected	1.3.8+dfsg.1-2
eoan	not-affected	1.3.8+dfsg.1-2
esm-apps/bionic	needed
esm-apps/focal	not-affected	1.3.8+dfsg.1-2
esm-apps/jammy	not-affected	1.3.8+dfsg.1-2
esm-apps/noble	not-affected	1.3.8+dfsg.1-2
esm-apps/xenial	needed

Показывать по

Ссылки на источники

4.3 Medium

CVSS2

6.1 Medium

CVSS3

Связанные уязвимости

CVE-2018-19206

CVSS3: 6.1

nvd

около 7 лет назад

steps/mail/func.inc in Roundcube before 1.3.8 has XSS via crafted use of <svg><style>, as demonstrated by an onload attribute in a BODY element, within an HTML attachment.

CVE-2018-19206

CVSS3: 6.1

debian

около 7 лет назад

steps/mail/func.inc in Roundcube before 1.3.8 has XSS via crafted use ...

GHSA-p9mh-3gv4-mcg7

CVSS3: 6.1

github

больше 3 лет назад

steps/mail/func.inc in Roundcube before 1.3.8 has XSS via crafted use of <svg><style>, as demonstrated by an onload attribute in a BODY element, within an HTML attachment.

4.3 Medium

CVSS2

6.1 Medium

CVSS3

CVE-2018-19206

Описание

Пакет roundcube

Ссылки на источники

Связанные уязвимости