Vulnerabilities > Roundcube > Webmail > 1.3.6
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-11-12 | CVE-2018-19206 | Cross-site Scripting vulnerability in multiple products steps/mail/func.inc in Roundcube before 1.3.8 has XSS via crafted use of <svg><style>, as demonstrated by an onload attribute in a BODY element, within an HTML attachment. | 6.1 |
| 2018-11-12 | CVE-2018-19205 | Information Exposure vulnerability in Roundcube Webmail Roundcube before 1.3.7 mishandles GnuPG MDC integrity-protection warnings, which makes it easier for attackers to obtain sensitive information, a related issue to CVE-2017-17688. | 7.5 |