Roundcube
By the Year
In 2024 there have been 0 vulnerabilities in Roundcube . Roundcube did not have any published security vulnerabilities last year.
Year | Vulnerabilities | Average Score |
---|---|---|
2024 | 0 | 0.00 |
2023 | 0 | 0.00 |
2022 | 1 | 6.10 |
2021 | 3 | 5.40 |
2020 | 1 | 6.10 |
2019 | 0 | 0.00 |
2018 | 2 | 6.80 |
It may take a day or so for new Roundcube vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Roundcube Security Vulnerabilities
Roundcube before 1.4.13 and 1.5.x before 1.5.2
CVE-2021-46144
6.1 - Medium
- January 06, 2022
Roundcube before 1.4.13 and 1.5.x before 1.5.2 allows XSS via an HTML e-mail message with crafted Cascading Style Sheets (CSS) token sequences.
XSS
Cross Site Scripting (XSS) vulnerability in Roundcube Mail <=1.4.4
CVE-2020-18671
5.4 - Medium
- June 24, 2021
Cross Site Scripting (XSS) vulnerability in Roundcube Mail <=1.4.4 via smtp config in /installer/test.php.
XSS
Cross Site Scripting (XSS) vulneraibility in Roundcube mail .4.4
CVE-2020-18670
5.4 - Medium
- June 24, 2021
Cross Site Scripting (XSS) vulneraibility in Roundcube mail .4.4 via database host and user in /installer/test.php.
XSS
Roundcube before 1.4.11
CVE-2021-26925
5.4 - Medium
- February 09, 2021
Roundcube before 1.4.11 allows XSS via crafted Cascading Style Sheets (CSS) token sequences during HTML email rendering.
XSS
An XSS issue was discovered in Roundcube Webmail before 1.2.13, 1.3.x before 1.3.16, and 1.4.x before 1.4.10
CVE-2020-35730
6.1 - Medium
- December 28, 2020
An XSS issue was discovered in Roundcube Webmail before 1.2.13, 1.3.x before 1.3.16, and 1.4.x before 1.4.10. The attacker can send a plain text e-mail message, with JavaScript in a link reference element that is mishandled by linkref_addindex in rcube_string_replacer.php.
XSS
Roundcube before 1.3.7 mishandles GnuPG MDC integrity-protection warnings
CVE-2018-19205
7.5 - High
- November 12, 2018
Roundcube before 1.3.7 mishandles GnuPG MDC integrity-protection warnings, which makes it easier for attackers to obtain sensitive information, a related issue to CVE-2017-17688. This is associated with plugins/enigma/lib/enigma_driver_gnupg.php.
Information Disclosure
steps/mail/func.inc in Roundcube before 1.3.8 has XSS
CVE-2018-19206
6.1 - Medium
- November 12, 2018
steps/mail/func.inc in Roundcube before 1.3.8 has XSS via crafted use of <svg><style>, as demonstrated by an onload attribute in a BODY element, within an HTML attachment.
XSS