Medium

DATE	CVE	VULNERABILITY TITLE	RISK
2020-08-12	CVE-2020-16145	Cross-site Scripting vulnerability in multiple products Roundcube Webmail before 1.3.15 and 1.4.8 allows stored XSS in HTML messages during message display via a crafted SVG document. network low complexity roundcube fedoraproject CWE-79	6.1
2020-07-06	CVE-2020-15562	Cross-site Scripting vulnerability in multiple products An issue was discovered in Roundcube Webmail before 1.2.11, 1.3.x before 1.3.14, and 1.4.x before 1.4.7. network low complexity roundcube debian CWE-79	6.1
2020-06-09	CVE-2020-13965	Cross-site Scripting vulnerability in multiple products An issue was discovered in Roundcube Webmail before 1.3.12 and 1.4.x before 1.4.5. network low complexity roundcube debian fedoraproject CWE-79	6.1
2020-06-09	CVE-2020-13964	Cross-site Scripting vulnerability in multiple products An issue was discovered in Roundcube Webmail before 1.3.12 and 1.4.x before 1.4.5. network low complexity roundcube fedoraproject debian CWE-79	6.1
2020-05-04	CVE-2020-12626	Cross-Site Request Forgery (CSRF) vulnerability in multiple products An issue was discovered in Roundcube Webmail before 1.4.4. network low complexity roundcube debian CWE-352	6.5
2020-05-04	CVE-2020-12625	Cross-site Scripting vulnerability in multiple products An issue was discovered in Roundcube Webmail before 1.4.4. network low complexity roundcube debian opensuse CWE-79	6.1
2019-04-07	CVE-2019-10740	Cleartext Transmission of Sensitive Information vulnerability in multiple products In Roundcube Webmail before 1.3.10, an attacker in possession of S/MIME or PGP encrypted emails can wrap them as sub-parts within a crafted multipart email. network low complexity roundcube fedoraproject opensuse CWE-319	4.3
2018-11-12	CVE-2018-19206	Cross-site Scripting vulnerability in multiple products steps/mail/func.inc in Roundcube before 1.3.8 has XSS via crafted use of <svg><style>, as demonstrated by an onload attribute in a BODY element, within an HTML attachment. network low complexity roundcube debian CWE-79	6.1
2018-05-16	CVE-2017-17688	The OpenPGP specification allows a Cipher Feedback Mode (CFB) malleability-gadget attack that can indirectly lead to plaintext exfiltration, aka EFAIL. network high complexity microsoft horde flipdogsolutions r2mail2 apple bloop freron mozilla emclient postbox-inc roundcube	5.9
2017-05-23	CVE-2015-5382	Information Exposure vulnerability in Roundcube Webmail and Webmail program/steps/addressbook/photo.inc in Roundcube Webmail before 1.0.6 and 1.1.x before 1.1.2 allows remote authenticated users to read arbitrary files via the _alt parameter when uploading a vCard. network low complexity roundcube CWE-200	6.5