Vulnerabilities > Roundcube > Webmail > 1.4.3
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-08-12 | CVE-2020-16145 | Cross-site Scripting vulnerability in multiple products Roundcube Webmail before 1.3.15 and 1.4.8 allows stored XSS in HTML messages during message display via a crafted SVG document. | 6.1 |
| 2020-07-06 | CVE-2020-15562 | Cross-site Scripting vulnerability in multiple products An issue was discovered in Roundcube Webmail before 1.2.11, 1.3.x before 1.3.14, and 1.4.x before 1.4.7. | 6.1 |
| 2020-06-09 | CVE-2020-13965 | Cross-site Scripting vulnerability in multiple products An issue was discovered in Roundcube Webmail before 1.3.12 and 1.4.x before 1.4.5. | 6.1 |
| 2020-06-09 | CVE-2020-13964 | Cross-site Scripting vulnerability in multiple products An issue was discovered in Roundcube Webmail before 1.3.12 and 1.4.x before 1.4.5. | 6.1 |
| 2020-05-04 | CVE-2020-12641 | OS Command Injection vulnerability in multiple products rcube_image.php in Roundcube Webmail before 1.4.4 allows attackers to execute arbitrary code via shell metacharacters in a configuration setting for im_convert_path or im_identify_path. | 9.8 |
| 2020-05-04 | CVE-2020-12640 | Path Traversal vulnerability in multiple products Roundcube Webmail before 1.4.4 allows attackers to include local files and execute code via directory traversal in a plugin name to rcube_plugin_api.php. | 9.8 |
| 2020-05-04 | CVE-2020-12626 | Cross-Site Request Forgery (CSRF) vulnerability in multiple products An issue was discovered in Roundcube Webmail before 1.4.4. | 6.5 |
| 2020-05-04 | CVE-2020-12625 | Cross-site Scripting vulnerability in multiple products An issue was discovered in Roundcube Webmail before 1.4.4. | 6.1 |