Description
An XSS issue was discovered in Roundcube Webmail before 1.2.13, 1.3.x before 1.3.16, and 1.4.x before 1.4.10. The attacker can send a plain text e-mail message, with JavaScript in a link reference element that is mishandled by linkref_addindex in rcube_string_replacer.php.
| Release | Status | Note |
|---|---|---|
| bionic | ignored | end of standard support, was needed |
| devel | not-affected | 1.4.10+dfsg.1-1 |
| esm-apps/bionic | released | 1.3.6+dfsg.1-1ubuntu0.1~esm2 |
| esm-apps/focal | released | 1.4.3+dfsg.1-1ubuntu0.1~esm2 |
| esm-apps/jammy | not-affected | 1.4.10+dfsg.1-1 |
| esm-apps/noble | not-affected | 1.4.10+dfsg.1-1 |
| esm-apps/xenial | released | 1.2~beta+dfsg.1-0ubuntu1+esm2 |
| esm-infra-legacy/trusty | DNE | |
| focal | ignored | end of standard support, was needed |
| groovy | ignored | end of life |
Source links
EPSS
CVSS2: 4.3 Medium
CVSS3: 6.1 Medium
Related vulnerabilities
An XSS issue was discovered in Roundcube Webmail before 1.2.13, 1.3.x before 1.3.16, and 1.4.x before 1.4.10. The attacker can send a plain text e-mail message, with JavaScript in a link reference element that is mishandled by linkref_addindex in rcube_string_replacer.php.
An XSS issue was discovered in Roundcube Webmail before 1.2.13, 1.3.x ...
linkref_addindex in rcube_string_replacer.php in Roundcube Webmail before 1.4.10 allows XSS via a crafted email message.
A vulnerability in the linkref_addindex function of the rcube_string_replacer.php component of the Roundcube mail client, related to shortcomings in the measures used to protect the structure of web pages, which allows an attacker to affect data integrity