| Max CVSS | 7.5 | Min CVSS | 4.3 | Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published | |
| CVE-2020-16145 | 4.3 |
Roundcube Webmail before 1.3.15 and 1.4.8 allows stored XSS in HTML messages during message display via a crafted SVG document. This issue has been fixed in 1.4.8 and 1.3.15.
|
20-01-2023 - 21:00 | 12-08-2020 - 13:15 | |
| CVE-2020-15562 | 4.3 |
An issue was discovered in Roundcube Webmail before 1.2.11, 1.3.x before 1.3.14, and 1.4.x before 1.4.7. It allows XSS via a crafted HTML e-mail message, as demonstrated by a JavaScript payload in the xmlns (aka XML namespace) attribute of a HEAD ele
|
20-01-2023 - 20:26 | 06-07-2020 - 12:15 | |
| CVE-2020-12640 | 7.5 |
Roundcube Webmail before 1.4.4 allows attackers to include local files and execute code via directory traversal in a plugin name to rcube_plugin_api.php.
|
02-09-2022 - 15:42 | 04-05-2020 - 15:15 | |
| CVE-2020-12625 | 4.3 |
An issue was discovered in Roundcube Webmail before 1.4.4. There is a cross-site scripting (XSS) vulnerability in rcube_washtml.php because JavaScript code can occur in the CDATA of an HTML message.
|
02-09-2022 - 15:42 | 04-05-2020 - 02:15 | |
| CVE-2019-10740 | 4.3 |
In Roundcube Webmail before 1.3.10, an attacker in possession of S/MIME or PGP encrypted emails can wrap them as sub-parts within a crafted multipart email. The encrypted part(s) can further be hidden using HTML/CSS or ASCII newline characters. This
|
03-05-2022 - 14:49 | 07-04-2019 - 15:29 | |
| CVE-2020-12641 | 7.5 |
rcube_image.php in Roundcube Webmail before 1.4.4 allows attackers to execute arbitrary code via shell metacharacters in a configuration setting for im_convert_path or im_identify_path.
|
29-04-2022 - 13:24 | 04-05-2020 - 15:15 | |
| CVE-2020-15562 | 4.3 |
An issue was discovered in Roundcube Webmail before 1.2.11, 1.3.x before 1.3.14, and 1.4.x before 1.4.7. It allows XSS via a crafted HTML e-mail message, as demonstrated by a JavaScript payload in the xmlns (aka XML namespace) attribute of a HEAD ele
|
24-09-2020 - 18:15 | 06-07-2020 - 12:15 | |
| CVE-2020-16145 | 4.3 |
Roundcube Webmail before 1.3.15 and 1.4.8 allows stored XSS in HTML messages during message display via a crafted SVG document. This issue has been fixed in 1.4.8 and 1.3.15.
|
24-09-2020 - 18:15 | 12-08-2020 - 13:15 | |
| CVE-2020-12640 | 7.5 |
Roundcube Webmail before 1.4.4 allows attackers to include local files and execute code via directory traversal in a plugin name to rcube_plugin_api.php.
|
24-09-2020 - 18:15 | 04-05-2020 - 15:15 | |
| CVE-2020-12625 | 4.3 |
An issue was discovered in Roundcube Webmail before 1.4.4. There is a cross-site scripting (XSS) vulnerability in rcube_washtml.php because JavaScript code can occur in the CDATA of an HTML message.
|
24-09-2020 - 18:15 | 04-05-2020 - 02:15 | |
| CVE-2020-12641 | 7.5 |
rcube_image.php in Roundcube Webmail before 1.4.4 allows attackers to execute arbitrary code via shell metacharacters in a configuration setting for im_convert_path or im_identify_path.
|
24-09-2020 - 18:15 | 04-05-2020 - 15:15 | |
| CVE-2019-10740 | 4.3 |
In Roundcube Webmail before 1.3.10, an attacker in possession of S/MIME or PGP encrypted emails can wrap them as sub-parts within a crafted multipart email. The encrypted part(s) can further be hidden using HTML/CSS or ASCII newline characters. This
|
24-09-2020 - 18:15 | 07-04-2019 - 15:29 |