CVE-2017-6820

rcube_utils.php in Roundcube before 1.1.8 and 1.2.x before 1.2.4 is susceptible to a cross-site scripting vulnerability via a crafted Cascading Style Sheets (CSS) token sequence within an SVG element.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:roundcube:webmail:*:*:*:*:*:*:*:*
cpe:2.3:a:roundcube:webmail:1.2.0:*:*:*:*:*:*:*
cpe:2.3:a:roundcube:webmail:1.2.1:*:*:*:*:*:*:*
cpe:2.3:a:roundcube:webmail:1.2.2:*:*:*:*:*:*:*
cpe:2.3:a:roundcube:webmail:1.2.3:*:*:*:*:*:*:*

History

21 Nov 2024, 03:30

Type Values Removed Values Added
References () http://www.securityfocus.com/bid/96817 - () http://www.securityfocus.com/bid/96817 -
References () https://github.com/roundcube/roundcubemail/commit/cbd35626f7db7855f3b5e2db00d28ecc1554e9f4 - Issue Tracking, Patch, Third Party Advisory () https://github.com/roundcube/roundcubemail/commit/cbd35626f7db7855f3b5e2db00d28ecc1554e9f4 - Issue Tracking, Patch, Third Party Advisory
References () https://github.com/roundcube/roundcubemail/commit/fa2824fdcd44af3f970b2797feb47652482c8305 - Issue Tracking, Patch, Third Party Advisory () https://github.com/roundcube/roundcubemail/commit/fa2824fdcd44af3f970b2797feb47652482c8305 - Issue Tracking, Patch, Third Party Advisory
References () https://github.com/roundcube/roundcubemail/releases/tag/1.1.8 - Patch, Release Notes, Third Party Advisory () https://github.com/roundcube/roundcubemail/releases/tag/1.1.8 - Patch, Release Notes, Third Party Advisory
References () https://github.com/roundcube/roundcubemail/releases/tag/1.2.4 - Patch, Release Notes, Third Party Advisory () https://github.com/roundcube/roundcubemail/releases/tag/1.2.4 - Patch, Release Notes, Third Party Advisory
References () https://github.com/roundcube/roundcubemail/wiki/Changelog#release-124 - Patch, Release Notes, Third Party Advisory () https://github.com/roundcube/roundcubemail/wiki/Changelog#release-124 - Patch, Release Notes, Third Party Advisory
References () https://roundcube.net/news/2017/03/10/updates-1.2.4-and-1.1.8-released - Release Notes, Vendor Advisory () https://roundcube.net/news/2017/03/10/updates-1.2.4-and-1.1.8-released - Release Notes, Vendor Advisory

Information

Published : 2017-03-12 05:59

Updated : 2024-11-21 03:30


NVD link : CVE-2017-6820

Mitre link : CVE-2017-6820

CVE.ORG link : CVE-2017-6820


JSON object : View

Products Affected

roundcube

  • webmail
CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')