Описание
Roundcube before 1.3.17 and 1.4.x before 1.4.12 is prone to XSS in handling an attachment's filename extension when displaying a MIME type warning message.
| Релиз | Статус | Примечание |
|---|---|---|
| bionic | ignored | end of standard support, was needed |
| devel | not-affected | 1.5.0+dfsg.1-2 |
| esm-apps/bionic | released | 1.3.6+dfsg.1-1ubuntu0.1~esm2 |
| esm-apps/focal | released | 1.4.3+dfsg.1-1ubuntu0.1~esm2 |
| esm-apps/jammy | not-affected | 1.5.0+dfsg.1-2 |
| esm-apps/noble | not-affected | 1.5.0+dfsg.1-2 |
| esm-apps/xenial | released | 1.2~beta+dfsg.1-0ubuntu1+esm2 |
| esm-infra-legacy/trusty | DNE | trusty/esm was DNE [trusty was needed] |
| focal | ignored | end of standard support, was needed |
| hirsute | ignored | end of life |
Показывать по
10
Ссылки на источники
4.3 Medium
CVSS2
6.1 Medium
CVSS3
Связанные уязвимости
CVSS3: 6.1
nvd
около 4 лет назад
Roundcube before 1.3.17 and 1.4.x before 1.4.12 is prone to XSS in handling an attachment's filename extension when displaying a MIME type warning message.
CVSS3: 6.1
debian
около 4 лет назад
Roundcube before 1.3.17 and 1.4.x before 1.4.12 is prone to XSS in han ...
github
больше 3 лет назад
Roundcube before 1.3.17 and 1.4.x before 1.4.12 is prone to XSS in handling an attachment's filename extension when displaying a MIME type warning message.
4.3 Medium
CVSS2
6.1 Medium
CVSS3