Vulnerabilities > Roundcube > Webmail > 1.2
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-03-13 | CVE-2018-1000071 | Incorrect Permission Assignment for Critical Resource vulnerability in Roundcube Webmail roundcube version 1.3.4 and earlier contains an Insecure Permissions vulnerability in enigma plugin that can result in exfiltration of gpg private key. | 7.5 |
| 2016-12-20 | CVE-2016-4552 | Cross-site Scripting vulnerability in Roundcube Webmail 1.2 Cross-site scripting (XSS) vulnerability in Roundcube Webmail before 1.2.0 allows remote attackers to inject arbitrary web script or HTML via the href attribute in an area tag in an e-mail message. | 6.1 |