Vulnerabilities > Roundcube > Webmail > 1.3.14

DATE CVE VULNERABILITY TITLE RISK
2020-08-12 CVE-2020-16145 Cross-site Scripting vulnerability in multiple products
Roundcube Webmail before 1.3.15 and 1.4.8 allows stored XSS in HTML messages during message display via a crafted SVG document.
network
low complexity
roundcube fedoraproject CWE-79
6.1
6.1
2020-05-04 CVE-2020-12626 Cross-Site Request Forgery (CSRF) vulnerability in multiple products
An issue was discovered in Roundcube Webmail before 1.4.4.
network
low complexity
roundcube debian CWE-352
6.5
6.5
2020-05-04 CVE-2020-12625 Cross-site Scripting vulnerability in multiple products
An issue was discovered in Roundcube Webmail before 1.4.4.
network
low complexity
roundcube debian opensuse CWE-79
6.1
6.1