ID CVE-2016-5103
Summary ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2016-4552. Reason: This candidate is a reservation duplicate of CVE-2016-4552. Notes: All CVE users should reference CVE-2016-4552 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.
References
Vulnerable Configurations
CVSS
Base:
Impact:
Exploitability:
nessus via4
  • NASL family FreeBSD Local Security Checks
    NASL id FREEBSD_PKG_97E86D102EA711E6AE88002590263BF5.NASL
    description Roundcube reports : Fix XSS issue in href attribute on area tag (#5240).
    last seen 2018-11-22
    modified 2018-11-21
    plugin id 91554
    published 2016-06-10
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=91554
    title FreeBSD : roundcube -- XSS vulnerability (97e86d10-2ea7-11e6-ae88-002590263bf5)
  • NASL family SuSE Local Security Checks
    NASL id OPENSUSE-2016-1418.NASL
    description This update for roundcubemail fixes the following issues : - A maliciously crafted email could cause untrusted code to be executed (cross site scripting using $lt;area href=javascript:...>) (boo#982003, CVE-2016-5103) - Avoid HTML styles that could cause potential click jacking (boo#1001856) - A maliciously crafted FROM value could cause extra parameters to be passed to the sendmail command (boo#1012493) - Avoid sending completely empty text parts for multipart/alternative messages - Don't create multipart/alternative messages with empty text/plain part - Improved validation of FROM argument when sending mails
    last seen 2019-02-21
    modified 2016-12-08
    plugin id 95643
    published 2016-12-08
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=95643
    title openSUSE Security Update : roundcubemail (openSUSE-2016-1418)
  • NASL family SuSE Local Security Checks
    NASL id OPENSUSE-2016-1533.NASL
    description This update for roundcubemail fixes the following issues : - A maliciously crafted email could cause untrusted code to be executed (cross site scripting using $lt;area href=javascript:...>) (boo#982003, CVE-2016-5103) - Avoid HTML styles that could cause potential click jacking (boo#1001856) - A maliciously crafted FROM value could cause extra parameters to be passed to the sendmail command (boo#1012493) - Avoid sending completely empty text parts for multipart/alternative messages - Don't create multipart/alternative messages with empty text/plain part - Improved validation of FROM argument when sending mails
    last seen 2019-02-21
    modified 2017-01-03
    plugin id 96247
    published 2017-01-03
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=96247
    title openSUSE Security Update : roundcubemail (openSUSE-2016-1533)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2016-E4C559515C.NASL
    description Upstream announcement: [Roundcube Webmail 1.2.0 released](https://roundcube.net/news/2016/05/22/roundcube-webmail-1.2. 0-released) Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2016-07-14
    plugin id 92191
    published 2016-07-14
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=92191
    title Fedora 22 : roundcubemail (2016-e4c559515c)
  • NASL family SuSE Local Security Checks
    NASL id OPENSUSE-2016-1419.NASL
    description roundcubemail was updated to version 1.1.7 and fixes the following issues : - Update to 1.1.7 - A maliciously crafted FROM value could cause extra parameters to be passed to the sendmail command (boo#1012493) - A maliciously crafted email could cause untrusted code to be executed (cross site scripting using $lt;area href=javascript:...>) (boo#982003, CVE-2016-5103) - Avoid HTML styles that could cause potential click jacking (boo#1001856) - Update to 1.1.5 - Fixed security issue in DBMail driver of password plugin (CVE-2015-2181, boo#976988)
    last seen 2019-02-21
    modified 2017-02-13
    plugin id 95700
    published 2016-12-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=95700
    title openSUSE Security Update : roundcubemail (openSUSE-2016-1419)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2016-D23D2712DE.NASL
    description Upstream announcement: [Roundcube Webmail 1.2.0 released](https://roundcube.net/news/2016/05/22/roundcube-webmail-1.2. 0-released) Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2016-07-14
    plugin id 92170
    published 2016-07-14
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=92170
    title Fedora 24 : roundcubemail (2016-d23d2712de)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2016-396403EC02.NASL
    description Upstream announcement: [Roundcube Webmail 1.2.0 released](https://roundcube.net/news/2016/05/22/roundcube-webmail-1.2. 0-released) Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2016-07-14
    plugin id 92082
    published 2016-07-14
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=92082
    title Fedora 23 : roundcubemail (2016-396403ec02)
Last major update 21-12-2016 - 11:59
Published 21-12-2016 - 11:59
Back to Top