Vulnerabilities > Roundcube > Webmail > 1.4.12
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-10-18 | CVE-2023-5631 | Cross-site Scripting vulnerability in multiple products Roundcube before 1.4.15, 1.5.x before 1.5.5, and 1.6.x before 1.6.4 allows stored XSS via an HTML e-mail message with a crafted SVG document because of program/lib/Roundcube/rcube_washtml.php behavior. | 5.4 |
2023-09-22 | CVE-2023-43770 | Cross-site Scripting vulnerability in multiple products Roundcube before 1.4.14, 1.5.x before 1.5.4, and 1.6.x before 1.6.3 allows XSS via text/plain e-mail messages with crafted links because of program/lib/Roundcube/rcube_string_replacer.php behavior. | 6.1 |