Description
Roundcube before 1.4.15, 1.5.x before 1.5.5, and 1.6.x before 1.6.4 allows stored XSS via an HTML e-mail message with a crafted SVG document because of program/lib/Roundcube/rcube_washtml.php behavior. This could allow a remote attacker to load arbitrary JavaScript code.
Release | Status | Note |
---|---|---|
bionic | ignored | end of standard support |
devel | not-affected | 1.6.6+dfsg-2 |
esm-apps/bionic | released | 1.3.6+dfsg.1-1ubuntu0.1~esm4 |
esm-apps/focal | released | 1.4.3+dfsg.1-1ubuntu0.1~esm4 |
esm-apps/jammy | released | 1.5.0+dfsg.1-2ubuntu0.1~esm3 |
esm-apps/noble | not-affected | 1.6.6+dfsg-2 |
esm-apps/xenial | not-affected | code not present |
focal | ignored | end of standard support, was needed |
jammy | needed | |
lunar | ignored | end of life, was needs-triage |
EPSS
CVSS3: 6.1 Medium