Vulnerabilities > Roundcube > Roundcube Webmail

DATE CVE VULNERABILITY TITLE RISK
2017-05-23 CVE-2015-5383 Information Exposure vulnerability in Roundcube Webmail and Webmail
Roundcube Webmail 1.1.x before 1.1.2 allows remote attackers to obtain sensitive information by reading files in the (1) config, (2) temp, or (3) logs directory.
network
low complexity
roundcube CWE-200
5.0
2017-05-23 CVE-2015-5382 Information Exposure vulnerability in Roundcube Webmail and Webmail
program/steps/addressbook/photo.inc in Roundcube Webmail before 1.0.6 and 1.1.x before 1.1.2 allows remote authenticated users to read arbitrary files via the _alt parameter when uploading a vCard.
network
low complexity
roundcube CWE-200
4.0
2017-05-23 CVE-2015-5381 Cross-site Scripting vulnerability in Roundcube Webmail and Webmail
Cross-site scripting (XSS) vulnerability in program/include/rcmail.php in Roundcube Webmail 1.1.x before 1.1.2 allows remote attackers to inject arbitrary web script or HTML via the _mbox parameter to the default URI.
network
roundcube CWE-79
4.3
2017-04-13 CVE-2016-4068 Cross-site Scripting vulnerability in multiple products
Cross-site scripting (XSS) vulnerability in Roundcube Webmail before 1.0.9 and 1.1.x before 1.1.5 allows remote attackers to inject arbitrary web script or HTML via a crafted SVG, a different vulnerability than CVE-2015-8864.
4.3
2017-04-13 CVE-2015-8864 Cross-site Scripting vulnerability in multiple products
Cross-site scripting (XSS) vulnerability in Roundcube Webmail before 1.0.9 and 1.1.x before 1.1.5 allows remote attackers to inject arbitrary web script or HTML via a crafted SVG, a different vulnerability than CVE-2016-4068.
4.3
2016-01-29 CVE-2015-8794 Path Traversal vulnerability in Roundcube Webmail 1.1.0/1.1.1
Absolute path traversal vulnerability in program/steps/addressbook/photo.inc in Roundcube before 1.0.6 and 1.1.x before 1.1.2 allows remote authenticated users to read arbitrary files via a full pathname in the _alt parameter, related to contact photo handling.
network
low complexity
roundcube CWE-22
4.0
2016-01-29 CVE-2015-8770 Path Traversal vulnerability in Roundcube Webmail
Directory traversal vulnerability in the set_skin function in program/include/rcmail_output_html.php in Roundcube before 1.0.8 and 1.1.x before 1.1.4 allows remote authenticated users with certain permissions to read arbitrary files or possibly execute arbitrary code via a ..
network
roundcube CWE-22
6.0