Roundcube Webmail vulnerable to XSS via list columns from user preferences
CVE-2024-37384

Currently unrated

Key Information:

Vendor: Roundcube Webmail
Status: Webmail
Vendor: CVE Published:; 7 June 2024

What is CVE-2024-37384?

Roundcube Webmail before 1.5.7 and 1.6.x before 1.6.7 allows XSS via list columns from user preferences.

References

https://github.com/roundcube/roundcubemail/releases/tag/1...

https://github.com/roundcube/roundcubemail/releases/tag/1...

https://github.com/roundcube/roundcubemail/commit/cde4522...

Timeline

Vulnerability published
Jun 7, 2024

.

CVE-2024-37384 : Roundcube Webmail vulnerable to XSS via list columns from user preferences