Описание
An issue was discovered in Roundcube Webmail before 1.3.12 and 1.4.x before 1.4.5. There is XSS via a malicious XML attachment because text/xml is among the allowed types for a preview.
| Релиз | Статус | Примечание |
|---|---|---|
| bionic | ignored | end of standard support, was needed |
| devel | not-affected | 1.4.6+dfsg.1-1 |
| eoan | ignored | end of life |
| esm-apps/bionic | released | 1.3.6+dfsg.1-1ubuntu0.1~esm2 |
| esm-apps/focal | released | 1.4.3+dfsg.1-1ubuntu0.1~esm1 |
| esm-apps/jammy | not-affected | 1.4.6+dfsg.1-1 |
| esm-apps/noble | not-affected | 1.4.6+dfsg.1-1 |
| esm-apps/xenial | released | 1.2~beta+dfsg.1-0ubuntu1+esm2 |
| esm-infra-legacy/trusty | DNE | |
| focal | ignored | end of standard support, was needed |
Показывать по
Ссылки на источники
4.3 Medium
CVSS2
6.1 Medium
CVSS3
Связанные уязвимости
An issue was discovered in Roundcube Webmail before 1.3.12 and 1.4.x before 1.4.5. There is XSS via a malicious XML attachment because text/xml is among the allowed types for a preview.
An issue was discovered in Roundcube Webmail before 1.3.12 and 1.4.x before 1.4.5. There is XSS via a malicious XML attachment because text/xml is among the allowed types for a preview.
An issue was discovered in Roundcube Webmail before 1.3.12 and 1.4.x b ...
An issue was discovered in Roundcube Webmail before 1.3.12 and 1.4.x before 1.4.5. There is XSS via a malicious XML attachment because text/xml is among the allowed types for a preview.
Уязвимость почтового клиента RoundCube Webmail, связанная с недостатками используемых мер по защите структур веб-страницы, позволяющая нарушителю оказать воздействие на целостность данных
4.3 Medium
CVSS2
6.1 Medium
CVSS3