Roundcube

Do you want an email whenever new security vulnerabilities are reported in Roundcube?

By the Year

In 2024 there have been 0 vulnerabilities in Roundcube . Roundcube did not have any published security vulnerabilities last year.

Year	Vulnerabilities	Average Score
2024	0	0.00
2023	0	0.00
2022	1	6.10
2021	3	5.40
2020	1	6.10
2019	0	0.00
2018	2	6.80

It may take a day or so for new Roundcube vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.

Recent Roundcube Security Vulnerabilities

Roundcube before 1.4.13 and 1.5.x before 1.5.2

CVE-2021-46144 6.1 - Medium - January 06, 2022

Roundcube before 1.4.13 and 1.5.x before 1.5.2 allows XSS via an HTML e-mail message with crafted Cascading Style Sheets (CSS) token sequences.

XSS

Cross Site Scripting (XSS) vulnerability in Roundcube Mail <=1.4.4

CVE-2020-18671 5.4 - Medium - June 24, 2021

Cross Site Scripting (XSS) vulnerability in Roundcube Mail <=1.4.4 via smtp config in /installer/test.php.

XSS

Cross Site Scripting (XSS) vulneraibility in Roundcube mail .4.4

CVE-2020-18670 5.4 - Medium - June 24, 2021

Cross Site Scripting (XSS) vulneraibility in Roundcube mail .4.4 via database host and user in /installer/test.php.

XSS

Roundcube before 1.4.11

CVE-2021-26925 5.4 - Medium - February 09, 2021

Roundcube before 1.4.11 allows XSS via crafted Cascading Style Sheets (CSS) token sequences during HTML email rendering.

XSS

An XSS issue was discovered in Roundcube Webmail before 1.2.13, 1.3.x before 1.3.16, and 1.4.x before 1.4.10

CVE-2020-35730 6.1 - Medium - December 28, 2020

An XSS issue was discovered in Roundcube Webmail before 1.2.13, 1.3.x before 1.3.16, and 1.4.x before 1.4.10. The attacker can send a plain text e-mail message, with JavaScript in a link reference element that is mishandled by linkref_addindex in rcube_string_replacer.php.

XSS

Roundcube before 1.3.7 mishandles GnuPG MDC integrity-protection warnings

CVE-2018-19205 7.5 - High - November 12, 2018

Roundcube before 1.3.7 mishandles GnuPG MDC integrity-protection warnings, which makes it easier for attackers to obtain sensitive information, a related issue to CVE-2017-17688. This is associated with plugins/enigma/lib/enigma_driver_gnupg.php.

Information Disclosure

steps/mail/func.inc in Roundcube before 1.3.8 has XSS

CVE-2018-19206 6.1 - Medium - November 12, 2018

steps/mail/func.inc in Roundcube before 1.3.8 has XSS via crafted use of <svg><style>, as demonstrated by an onload attribute in a BODY element, within an HTML attachment.

XSS

Stay on top of Security Vulnerabilities

Want an email whenever new vulnerabilities are published for Roundcube Webmail or by Roundcube? Click the Watch button to subscribe.

Roundcube
Vendor

Roundcube
Product

Roundcube

By the Year

Recent Roundcube Security Vulnerabilities

Roundcube before 1.4.13 and 1.5.x before 1.5.2 CVE-2021-46144 6.1 - Medium - January 06, 2022

Cross Site Scripting (XSS) vulnerability in Roundcube Mail <=1.4.4 CVE-2020-18671 5.4 - Medium - June 24, 2021

Cross Site Scripting (XSS) vulneraibility in Roundcube mail .4.4 CVE-2020-18670 5.4 - Medium - June 24, 2021

Roundcube before 1.4.11 CVE-2021-26925 5.4 - Medium - February 09, 2021

An XSS issue was discovered in Roundcube Webmail before 1.2.13, 1.3.x before 1.3.16, and 1.4.x before 1.4.10 CVE-2020-35730 6.1 - Medium - December 28, 2020

Roundcube before 1.3.7 mishandles GnuPG MDC integrity-protection warnings CVE-2018-19205 7.5 - High - November 12, 2018

steps/mail/func.inc in Roundcube before 1.3.8 has XSS CVE-2018-19206 6.1 - Medium - November 12, 2018