Vulnerabilities > Roundcube

DATE CVE VULNERABILITY TITLE RISK
2021-11-19 CVE-2021-44026 SQL Injection vulnerability in multiple products
Roundcube before 1.3.17 and 1.4.x before 1.4.12 is prone to a potential SQL injection via search or search_params.
network
low complexity
roundcube fedoraproject CWE-89
7.5
2021-11-19 CVE-2021-44025 Cross-site Scripting vulnerability in multiple products
Roundcube before 1.3.17 and 1.4.x before 1.4.12 is prone to XSS in handling an attachment's filename extension when displaying a MIME type warning message.
4.3
2021-06-24 CVE-2020-18671 Cross-site Scripting vulnerability in Roundcube
Cross Site Scripting (XSS) vulnerability in Roundcube Mail <=1.4.4 via smtp config in /installer/test.php.
network
roundcube CWE-79
3.5
2021-06-24 CVE-2020-18670 Cross-site Scripting vulnerability in Roundcube 1.4.4
Cross Site Scripting (XSS) vulneraibility in Roundcube mail .4.4 via database host and user in /installer/test.php.
network
roundcube CWE-79
3.5
2021-02-09 CVE-2021-26925 Cross-site Scripting vulnerability in multiple products
Roundcube before 1.4.11 allows XSS via crafted Cascading Style Sheets (CSS) token sequences during HTML email rendering.
3.5
2020-12-28 CVE-2020-35730 Cross-site Scripting vulnerability in Roundcube
An XSS issue was discovered in Roundcube Webmail before 1.2.13, 1.3.x before 1.3.16, and 1.4.x before 1.4.10.
network
roundcube CWE-79
4.3
2020-08-12 CVE-2020-16145 Cross-site Scripting vulnerability in Roundcube Webmail
Roundcube Webmail before 1.3.15 and 1.4.8 allows stored XSS in HTML messages during message display via a crafted SVG document.
network
roundcube CWE-79
4.3
2020-07-06 CVE-2020-15562 Cross-site Scripting vulnerability in multiple products
An issue was discovered in Roundcube Webmail before 1.2.11, 1.3.x before 1.3.14, and 1.4.x before 1.4.7.
4.3
2020-06-09 CVE-2020-13964 Cross-site Scripting vulnerability in Roundcube Webmail
An issue was discovered in Roundcube Webmail before 1.3.12 and 1.4.x before 1.4.5.
network
roundcube CWE-79
4.3
2020-06-09 CVE-2020-13965 Cross-site Scripting vulnerability in multiple products
An issue was discovered in Roundcube Webmail before 1.3.12 and 1.4.x before 1.4.5.
4.3