Vulnerabilities > Roundcube > Webmail

DATE CVE VULNERABILITY TITLE RISK
2021-02-09 CVE-2021-26925 Cross-site Scripting vulnerability in multiple products
Roundcube before 1.4.11 allows XSS via crafted Cascading Style Sheets (CSS) token sequences during HTML email rendering.
network
low complexity
roundcube fedoraproject CWE-79
5.4
5.4
2020-12-28 CVE-2020-35730 Cross-site Scripting vulnerability in multiple products
An XSS issue was discovered in Roundcube Webmail before 1.2.13, 1.3.x before 1.3.16, and 1.4.x before 1.4.10.
network
low complexity
roundcube fedoraproject debian CWE-79
6.1
6.1
2020-08-12 CVE-2020-16145 Cross-site Scripting vulnerability in multiple products
Roundcube Webmail before 1.3.15 and 1.4.8 allows stored XSS in HTML messages during message display via a crafted SVG document.
network
low complexity
roundcube fedoraproject CWE-79
6.1
6.1
2020-07-06 CVE-2020-15562 Cross-site Scripting vulnerability in multiple products
An issue was discovered in Roundcube Webmail before 1.2.11, 1.3.x before 1.3.14, and 1.4.x before 1.4.7.
network
low complexity
roundcube debian CWE-79
6.1
6.1
2020-06-09 CVE-2020-13965 Cross-site Scripting vulnerability in multiple products
An issue was discovered in Roundcube Webmail before 1.3.12 and 1.4.x before 1.4.5.
network
low complexity
roundcube debian fedoraproject CWE-79
6.1
6.1
2020-06-09 CVE-2020-13964 Cross-site Scripting vulnerability in multiple products
An issue was discovered in Roundcube Webmail before 1.3.12 and 1.4.x before 1.4.5.
network
low complexity
roundcube fedoraproject debian CWE-79
6.1
6.1
2020-05-04 CVE-2020-12641 OS Command Injection vulnerability in multiple products
rcube_image.php in Roundcube Webmail before 1.4.4 allows attackers to execute arbitrary code via shell metacharacters in a configuration setting for im_convert_path or im_identify_path.
network
low complexity
roundcube opensuse CWE-78
critical
 9.8
9.8
2020-05-04 CVE-2020-12640 Path Traversal vulnerability in multiple products
Roundcube Webmail before 1.4.4 allows attackers to include local files and execute code via directory traversal in a plugin name to rcube_plugin_api.php.
network
low complexity
roundcube opensuse CWE-22
critical
 9.8
9.8
2020-05-04 CVE-2020-12626 Cross-Site Request Forgery (CSRF) vulnerability in multiple products
An issue was discovered in Roundcube Webmail before 1.4.4.
network
low complexity
roundcube debian CWE-352
6.5
6.5
2020-05-04 CVE-2020-12625 Cross-site Scripting vulnerability in multiple products
An issue was discovered in Roundcube Webmail before 1.4.4.
network
low complexity
roundcube debian opensuse CWE-79
6.1
6.1