Vulnerabilities > Roundcube > Webmail > 0.8.5

DATE CVE VULNERABILITY TITLE RISK
2020-08-12 CVE-2020-16145 Cross-site Scripting vulnerability in multiple products
Roundcube Webmail before 1.3.15 and 1.4.8 allows stored XSS in HTML messages during message display via a crafted SVG document.
network
low complexity
roundcube fedoraproject CWE-79
6.1
6.1
2020-07-06 CVE-2020-15562 Cross-site Scripting vulnerability in multiple products
An issue was discovered in Roundcube Webmail before 1.2.11, 1.3.x before 1.3.14, and 1.4.x before 1.4.7.
network
low complexity
roundcube debian CWE-79
6.1
6.1
2020-06-09 CVE-2020-13965 Cross-site Scripting vulnerability in multiple products
An issue was discovered in Roundcube Webmail before 1.3.12 and 1.4.x before 1.4.5.
network
low complexity
roundcube debian fedoraproject CWE-79
6.1
6.1
2020-06-09 CVE-2020-13964 Cross-site Scripting vulnerability in multiple products
An issue was discovered in Roundcube Webmail before 1.3.12 and 1.4.x before 1.4.5.
network
low complexity
roundcube fedoraproject debian CWE-79
6.1
6.1
2020-05-04 CVE-2020-12626 Cross-Site Request Forgery (CSRF) vulnerability in multiple products
An issue was discovered in Roundcube Webmail before 1.4.4.
network
low complexity
roundcube debian CWE-352
6.5
6.5
2020-05-04 CVE-2020-12625 Cross-site Scripting vulnerability in multiple products
An issue was discovered in Roundcube Webmail before 1.4.4.
network
low complexity
roundcube debian opensuse CWE-79
6.1
6.1
2019-08-20 CVE-2019-15237 Roundcube Webmail through 1.3.9 mishandles Punycode xn-- domain names, leading to homograph attacks.
network
low complexity
roundcube fedoraproject
7.4
7.4
2019-04-07 CVE-2019-10740 Cleartext Transmission of Sensitive Information vulnerability in multiple products
In Roundcube Webmail before 1.3.10, an attacker in possession of S/MIME or PGP encrypted emails can wrap them as sub-parts within a crafted multipart email.
network
low complexity
roundcube fedoraproject opensuse CWE-319
4.3
4.3
2018-11-12 CVE-2018-19206 Cross-site Scripting vulnerability in multiple products
steps/mail/func.inc in Roundcube before 1.3.8 has XSS via crafted use of <svg><style>, as demonstrated by an onload attribute in a BODY element, within an HTML attachment.
network
low complexity
roundcube debian CWE-79
6.1
6.1
2018-11-12 CVE-2018-19205 Information Exposure vulnerability in Roundcube Webmail
Roundcube before 1.3.7 mishandles GnuPG MDC integrity-protection warnings, which makes it easier for attackers to obtain sensitive information, a related issue to CVE-2017-17688.
network
low complexity
roundcube CWE-200
7.5
7.5