Description
A Cross-Site Scripting vulnerability in Roundcube through 1.5.7 and 1.6.x through 1.6.7 allows a remote attacker to steal and send emails of a victim via a crafted e-mail message that abuses a Desanitization issue in message_body() in program/actions/mail/show.php.
| Release | Status | Note |
|---|---|---|
| devel | not-affected | 1.6.8+dfsg-1 |
| esm-apps/bionic | not-affected | 1.3.6+dfsg.1-1ubuntu0.1~esm5 |
| esm-apps/focal | not-affected | 1.4.3+dfsg.1-1ubuntu0.1~esm5 |
| esm-apps/jammy | not-affected | 1.5.0+dfsg.1-2ubuntu0.1~esm4 |
| esm-apps/noble | released | 1.6.6+dfsg-2ubuntu0.1+esm1 |
| esm-apps/xenial | not-affected | 1.2~beta+dfsg.1-0ubuntu1+esm6 |
| focal | ignored | end of standard support, was needs-triage |
| jammy | not-affected | 1.5.0+dfsg.1-2 |
| noble | needed | |
| oracular | not-affected | 1.6.8+dfsg-1 |
CVSS3: 9.3 Critical
Related vulnerabilities
A vulnerability in the message_body() function in the file program/actions/mail/show.php of the RoundCube Webmail mail client that allows an attacker to gain full access to e-mail by sending a specially crafted message