Vulnerabilities > Roundcube > Webmail > 1.6.7

DATE CVE VULNERABILITY TITLE RISK
2024-08-05 CVE-2024-42008 Cross-site Scripting vulnerability in Roundcube Webmail
A Cross-Site Scripting vulnerability in rcmail_action_mail_get->run() in Roundcube through 1.5.7 and 1.6.x through 1.6.7 allows a remote attacker to steal and send emails of a victim via a malicious e-mail attachment served with a dangerous Content-Type header.
network
low complexity
roundcube CWE-79
critical
9.3
2024-08-05 CVE-2024-42009 Cross-site Scripting vulnerability in Roundcube Webmail
A Cross-Site Scripting vulnerability in Roundcube through 1.5.7 and 1.6.x through 1.6.7 allows a remote attacker to steal and send emails of a victim via a crafted e-mail message that abuses a Desanitization issue in message_body() in program/actions/mail/show.php.
network
low complexity
roundcube CWE-79
critical
9.3