Roundcube

4 Products 7 CVEs

CVE Severity Distribution (All Time)

Critical

High

Medium

Low

Timeline Overview

Last 30 Days 0 CVEs

Last 6 Months 0 CVEs

Last Year 0 CVEs

Products

View all

Recent CVEs

CVE-2024-37385 CRITICAL None

Roundcube Webmail before 1.5.7 and 1.6.x before 1.6.7 on Windows allows command injection via im_convert_path and im_identify_path. NOTE: this issue …

CVE-2024-42010 HIGH 1 year, 3 months ago

mod_css_styles in Roundcube through 1.5.7 and 1.6.x through 1.6.7 insufficiently filters Cascading Style Sheets (CSS) token sequences in rendered e-m…

CVE-2024-37384 MEDIUM 1 year, 5 months ago

Roundcube Webmail before 1.5.7 and 1.6.x before 1.6.7 allows XSS via list columns from user preferences.

CVE-2024-37383 MEDIUM 1 year, 5 months ago

Roundcube Webmail before 1.5.7 and 1.6.x before 1.6.7 allows XSS via SVG animate attributes.

CVE-2023-5631 MEDIUM 2 years, 1 month ago

Roundcube before 1.4.15, 1.5.x before 1.5.5, and 1.6.x before 1.6.4 allows stored XSS via an HTML e-mail message with a crafted SVG document because …

CVE-2023-43770 MEDIUM 2 years, 2 months ago

Roundcube before 1.4.14, 1.5.x before 1.5.4, and 1.6.x before 1.6.3 allows XSS via text/plain e-mail messages with crafted links because of program/l…

CVE-2020-13965 MEDIUM 5 years, 5 months ago

An issue was discovered in Roundcube Webmail before 1.3.12 and 1.4.x before 1.4.5. There is XSS via a malicious XML attachment because text/xml is am…

Roundcube

CVE Severity Distribution (All Time)

Timeline Overview

Products

webmail

roundcube_webmail

roundcube

Roundcubemail

Recent CVEs