Vulnerabilities > Roundcube > Webmail > Medium

DATE CVE VULNERABILITY TITLE RISK
2017-04-13 CVE-2016-4068 Cross-site Scripting vulnerability in multiple products
Cross-site scripting (XSS) vulnerability in Roundcube Webmail before 1.0.9 and 1.1.x before 1.1.5 allows remote attackers to inject arbitrary web script or HTML via a crafted SVG, a different vulnerability than CVE-2015-8864.
network
low complexity
opensuse roundcube CWE-79
6.1
2017-04-13 CVE-2015-8864 Cross-site Scripting vulnerability in multiple products
Cross-site scripting (XSS) vulnerability in Roundcube Webmail before 1.0.9 and 1.1.x before 1.1.5 allows remote attackers to inject arbitrary web script or HTML via a crafted SVG, a different vulnerability than CVE-2016-4068.
network
low complexity
opensuse roundcube CWE-79
6.1
2017-03-12 CVE-2017-6820 Cross-site Scripting vulnerability in Roundcube Webmail
rcube_utils.php in Roundcube before 1.1.8 and 1.2.x before 1.2.4 is susceptible to a cross-site scripting vulnerability via a crafted Cascading Style Sheets (CSS) token sequence within an SVG element.
network
low complexity
roundcube CWE-79
6.1
2016-12-20 CVE-2016-4552 Cross-site Scripting vulnerability in Roundcube Webmail 1.2
Cross-site scripting (XSS) vulnerability in Roundcube Webmail before 1.2.0 allows remote attackers to inject arbitrary web script or HTML via the href attribute in an area tag in an e-mail message.
network
low complexity
roundcube CWE-79
6.1
2016-01-29 CVE-2015-8793 Cross-site Scripting vulnerability in Roundcube Webmail
Cross-site scripting (XSS) vulnerability in program/include/rcmail.php in Roundcube before 1.0.6 and 1.1.x before 1.1.2 allows remote attackers to inject arbitrary web script or HTML via the _mbox parameter in a mail task to the default URL, a different vulnerability than CVE-2011-2937.
network
low complexity
roundcube CWE-79
6.1