XSS Vulnerability in Roundcube Webmail by Roundcube Development
CVE-2021-44025

6.1MEDIUM

Key Information:

Vendor

Roundcube

Status
Webmail
Vendor
CVE Published:
19 November 2021

What is CVE-2021-44025?

Roundcube Webmail suffers from a Cross-Site Scripting (XSS) vulnerability that arises when handling attachment filenames. Specifically, the issue occurs during the display of MIME type warning messages, potentially allowing attackers to execute arbitrary scripts in the context of the user's browser. This vulnerability affects versions prior to 1.3.17 and 1.4.12, highlighting the importance of keeping your software updated to mitigate risks associated with web-based applications.

References

https://bugs.debian.org/1000156
x_refsource_MISC
https://github.com/roundcube/roundcubemail/issues/8193
x_refsource_MISC
https://github.com/roundcube/roundcubemail/commit/faf99bf...
x_refsource_MISC

CVSS V3.1

Score:
6.1
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.