Skip to main content

Roundcube Webmail

7 CVEs product

Monthly

CVE-2015-5383 HIGH PATCH This Week

Roundcube Webmail 1.1.x before 1.1.2 allows remote attackers to obtain sensitive information by reading files in the (1) config, (2) temp, or (3) logs directory. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Roundcube Webmail Webmail
NVD GitHub
CVSS 3.0
7.5
EPSS
1.8%
CVE-2015-5382 MEDIUM PATCH This Month

program/steps/addressbook/photo.inc in Roundcube Webmail before 1.0.6 and 1.1.x before 1.1.2 allows remote authenticated users to read arbitrary files via the _alt parameter when uploading a vCard. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Roundcube Webmail Webmail
NVD GitHub
CVSS 3.0
6.5
EPSS
1.0%
CVE-2015-5381 MEDIUM PATCH This Month

Cross-site scripting (XSS) vulnerability in program/include/rcmail.php in Roundcube Webmail 1.1.x before 1.1.2 allows remote attackers to inject arbitrary web script or HTML via the _mbox parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

XSS PHP Roundcube Webmail Webmail
NVD GitHub
CVSS 3.0
6.1
EPSS
1.2%
CVE-2016-4068 MEDIUM PATCH This Month

Cross-site scripting (XSS) vulnerability in Roundcube Webmail before 1.0.9 and 1.1.x before 1.1.5 allows remote attackers to inject arbitrary web script or HTML via a crafted SVG, a different. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

XSS Leap Opensuse Roundcube Webmail Webmail
NVD GitHub
CVSS 3.0
6.1
EPSS
0.4%
CVE-2015-8864 MEDIUM PATCH This Month

Cross-site scripting (XSS) vulnerability in Roundcube Webmail before 1.0.9 and 1.1.x before 1.1.5 allows remote attackers to inject arbitrary web script or HTML via a crafted SVG, a different. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

XSS Leap Opensuse Roundcube Webmail Webmail
NVD GitHub
CVSS 3.0
6.1
EPSS
0.5%
CVE-2015-8794 MEDIUM PATCH This Month

Absolute path traversal vulnerability in program/steps/addressbook/photo.inc in Roundcube before 1.0.6 and 1.1.x before 1.1.2 allows remote authenticated users to read arbitrary files via a full. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Path Traversal Roundcube Webmail
NVD
CVSS 3.0
6.5
EPSS
0.3%
CVE-2015-8770 HIGH POC PATCH THREAT Act Now

Directory traversal vulnerability in the set_skin function in program/include/rcmail_output_html.php in Roundcube before 1.0.8 and 1.1.x before 1.1.4 allows remote authenticated users with certain. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 28.3%.

Path Traversal RCE PHP Roundcube Webmail
NVD Exploit-DB
CVSS 3.0
7.5
EPSS
28.3%
EPSS 2% CVSS 7.5
HIGH PATCH This Week

Roundcube Webmail 1.1.x before 1.1.2 allows remote attackers to obtain sensitive information by reading files in the (1) config, (2) temp, or (3) logs directory. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Roundcube Webmail Webmail
NVD GitHub
EPSS 1% CVSS 6.5
MEDIUM PATCH This Month

program/steps/addressbook/photo.inc in Roundcube Webmail before 1.0.6 and 1.1.x before 1.1.2 allows remote authenticated users to read arbitrary files via the _alt parameter when uploading a vCard. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Roundcube Webmail Webmail
NVD GitHub
EPSS 1% CVSS 6.1
MEDIUM PATCH This Month

Cross-site scripting (XSS) vulnerability in program/include/rcmail.php in Roundcube Webmail 1.1.x before 1.1.2 allows remote attackers to inject arbitrary web script or HTML via the _mbox parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

XSS PHP Roundcube Webmail +1
NVD GitHub
EPSS 0% CVSS 6.1
MEDIUM PATCH This Month

Cross-site scripting (XSS) vulnerability in Roundcube Webmail before 1.0.9 and 1.1.x before 1.1.5 allows remote attackers to inject arbitrary web script or HTML via a crafted SVG, a different. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

XSS Leap Opensuse +2
NVD GitHub
EPSS 0% CVSS 6.1
MEDIUM PATCH This Month

Cross-site scripting (XSS) vulnerability in Roundcube Webmail before 1.0.9 and 1.1.x before 1.1.5 allows remote attackers to inject arbitrary web script or HTML via a crafted SVG, a different. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

XSS Leap Opensuse +2
NVD GitHub
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

Absolute path traversal vulnerability in program/steps/addressbook/photo.inc in Roundcube before 1.0.6 and 1.1.x before 1.1.2 allows remote authenticated users to read arbitrary files via a full. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Path Traversal Roundcube Webmail
NVD
EPSS 28% CVSS 7.5
HIGH POC PATCH THREAT Act Now

Directory traversal vulnerability in the set_skin function in program/include/rcmail_output_html.php in Roundcube before 1.0.8 and 1.1.x before 1.1.4 allows remote authenticated users with certain. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 28.3%.

Path Traversal RCE PHP +1
NVD Exploit-DB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy