Vulnerabilities > Rainloop

DATE CVE VULNERABILITY TITLE RISK
2022-07-28 CVE-2022-29360 Cross-site Scripting vulnerability in Rainloop Webmail
The Email Viewer in RainLoop through 1.6.0 allows XSS via a crafted email message.
network
low complexity
rainloop CWE-79
5.4
2020-03-20 CVE-2019-13389 Cross-site Scripting vulnerability in Rainloop Webmail
RainLoop Webmail before 1.13.0 lacks XSS protection mechanisms such as xlink:href validation, the X-XSS-Protection header, and the Content-Security-Policy header.
network
low complexity
rainloop CWE-79
6.1