Cross-Site Scripting Vulnerability in Roundcube Webmail from Roundcube
CVE-2024-57004
6.1 MEDIUM
Key Information:
- Vendor: Roundcube
- Status:
- CVE Published: 3 February 2025
Badges: 👾 Exploit Exists, 📰 News Worthy
What is CVE-2024-57004?
A Cross-Site Scripting (XSS) vulnerability has been identified in Roundcube Webmail version 1.6.9 that allows remote authenticated users to inject malicious scripts. By uploading a malicious file as an email attachment, an attacker can trigger the XSS when other users view the SENT session, potentially compromising user sessions and sensitive data.
News Articles

Roundcube XSS Flaw Allows Attackers to Inject Malicious Files
A critical Cross-Site Scripting (XSS) vulnerability has been discovered in the popular open-source webmail client, Roundcube, potentially exposing users to serious security risks.
CVSS V3.1
- Score: 6.1
- Severity: MEDIUM
- Confidentiality: Low
- Integrity: Low
- Availability: Low
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: Required
- Scope: Changed
Timeline
- 👾 Exploit known to exist
- 📰 First article discovered by GBHackers News
- Vulnerability published
- Vulnerability reserved