Vulnerabilities > Roundcube > Low
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2021-06-24 | CVE-2020-18671 | Cross-site Scripting vulnerability in Roundcube Webmail | Cross Site Scripting (XSS) vulnerability in Roundcube Mail <=1.4.4 via smtp config in /installer/test.php. | 3.5 |
2021-06-24 | CVE-2020-18670 | Cross-site Scripting vulnerability in Roundcube Webmail 1.4.4 | Cross Site Scripting (XSS) vulnerability in Roundcube mail .4.4 via database host and user in /installer/test.php. | 3.5 |
2015-11-10 | CVE-2015-8105 | Cross-site Scripting vulnerability in multiple products | Cross-site scripting (XSS) vulnerability in program/js/app.js in Roundcube webmail before 1.0.7 and 1.1.x before 1.1.3 allows remote authenticated users to inject arbitrary web script or HTML via the file name in a drag-n-drop file upload. | 3.5 |
2013-08-29 | CVE-2013-5646 | Cross-Site Scripting vulnerability in Roundcube Webmail 1.0 | Cross-site scripting (XSS) vulnerability in Roundcube webmail 1.0-git allows remote authenticated users to inject arbitrary web script or HTML via the Name field of an addressbook group. | 3.5 |
2012-08-25 | CVE-2012-3507 | Cross-Site Scripting vulnerability in Roundcube Webmail | Cross-site scripting (XSS) vulnerability in program/steps/mail/func.inc in RoundCube Webmail before 0.8.0, when using the Larry skin, allows remote attackers to inject arbitrary web script or HTML via the email message subject. | 2.6 |
2012-06-04 | CVE-2012-1253 | Cross-Site Scripting vulnerability in Roundcube Webmail | Cross-site scripting (XSS) vulnerability in Roundcube Webmail before 0.7, when Internet Explorer is used, allows remote attackers to inject arbitrary web script or HTML via vectors involving an embedded image attachment. | 2.6 |
2011-04-08 | CVE-2011-1491 | Improper Input Validation vulnerability in Roundcube Webmail | The login form in Roundcube Webmail before 0.5.1 does not properly handle a correctly authenticated but unintended login attempt, which makes it easier for remote authenticated users to obtain sensitive information by arranging for a victim to log in to the attacker's account and then compose an e-mail message, related to a "login CSRF" issue. | 3.5 |