Roundcube Webmail before 1.5.7 and 1.6.x before 1.6.7 allows XSS via SVG animate attributes.
References
Link | Resource |
---|---|
https://github.com/roundcube/roundcubemail/commit/43aaaa528646877789ec028d87924ba1accf5242 | Patch |
https://github.com/roundcube/roundcubemail/releases/tag/1.5.7 | Release Notes |
https://github.com/roundcube/roundcubemail/releases/tag/1.6.7 | Release Notes |
https://lists.debian.org/debian-lts-announce/2024/06/msg00008.html | Mailing List Third Party Advisory |
Configurations
History
25 Oct 2024, 13:56
Type | Values Removed | Values Added |
---|---|---|
References | () https://github.com/roundcube/roundcubemail/commit/43aaaa528646877789ec028d87924ba1accf5242 - Patch | |
References | () https://github.com/roundcube/roundcubemail/releases/tag/1.5.7 - Release Notes | |
References | () https://github.com/roundcube/roundcubemail/releases/tag/1.6.7 - Release Notes | |
References | () https://lists.debian.org/debian-lts-announce/2024/06/msg00008.html - Mailing List, Third Party Advisory | |
First Time |
Debian
Roundcube Roundcube webmail Debian debian Linux |
|
CPE | cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:* cpe:2.3:a:roundcube:webmail:*:*:*:*:*:*:*:* |
03 Jul 2024, 02:04
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-79 | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 6.1 |
17 Jun 2024, 15:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
07 Jun 2024, 14:56
Type | Values Removed | Values Added |
---|---|---|
Summary |
|
07 Jun 2024, 04:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-06-07 04:15
Updated : 2024-10-25 13:56
NVD link : CVE-2024-37383
Mitre link : CVE-2024-37383
CVE.ORG link : CVE-2024-37383
JSON object : View
Products Affected
debian
- debian_linux
roundcube
- webmail
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')