Stored XSS Vulnerability in Roundcube Webmail Affects Multiple Versions
CVE-2020-16145

6.1MEDIUM

Key Information:

Vendor

Roundcube

Status
Webmail
Vendor
CVE Published:
12 August 2020

What is CVE-2020-16145?

A vulnerability in Roundcube Webmail versions prior to 1.3.15 and 1.4.8 allows attackers to exploit stored XSS through crafted SVG documents during message display. The flaw can lead to unauthorized script execution, potentially compromising user data and accounts. This issue has been addressed in the latest updates.

References

https://github.com/roundcube/roundcubemail/releases/tag/1...
x_refsource_MISC
https://github.com/roundcube/roundcubemail/commit/a71bf2e...
x_refsource_CONFIRM
https://github.com/roundcube/roundcubemail/releases/tag/1...
x_refsource_CONFIRM

CVSS V3.1

Score:
6.1
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.