Vulnerabilities (CVE)

Filtered by vendor Roundcube Subscribe
Total 68 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2011-2937 1 Roundcube 1 Webmail 2024-02-28 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in the UI messages functionality in Roundcube Webmail before 0.5.4 allows remote attackers to inject arbitrary web script or HTML via the _mbox parameter to the default URI.
CVE-2008-5619 1 Roundcube 1 Webmail 2024-02-28 10.0 HIGH N/A
html2text.php in Chuggnutt HTML to Text Converter, as used in PHPMailer before 5.2.10, RoundCube Webmail (roundcubemail) 0.2-1.alpha and 0.2-3.beta, Mahara, and AtMail Open 1.03, allows remote attackers to execute arbitrary code via crafted input that is processed by the preg_replace function with the eval switch.
CVE-2008-5620 1 Roundcube 1 Webmail 2024-02-28 7.8 HIGH N/A
RoundCube Webmail (roundcubemail) before 0.2-beta allows remote attackers to cause a denial of service (memory consumption) via crafted size parameters that are used to create a large quota image.
CVE-2009-0413 1 Roundcube 1 Webmail 2024-02-28 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in RoundCube Webmail (roundcubemail) 0.2 stable allows remote attackers to inject arbitrary web script or HTML via the background attribute embedded in an HTML e-mail message.
CVE-2009-4076 1 Roundcube 1 Webmail 2024-02-28 6.8 MEDIUM N/A
Cross-site request forgery (CSRF) vulnerability in Roundcube Webmail 0.2.2 and earlier allows remote attackers to hijack the authentication of unspecified users for requests that modify user information via unspecified vectors, a different vulnerability than CVE-2009-4077.
CVE-2009-4077 1 Roundcube 1 Webmail 2024-02-28 6.8 MEDIUM N/A
Cross-site request forgery (CSRF) vulnerability in Roundcube Webmail 0.2.2 and earlier allows remote attackers to hijack the authentication of unspecified users for requests that send arbitrary emails via unspecified vectors, a different vulnerability than CVE-2009-4076.
CVE-2007-6321 1 Roundcube 1 Webmail 2024-02-28 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in RoundCube webmail 0.1rc2, 2007-12-09, and earlier versions, when using Internet Explorer, allows remote attackers to inject arbitrary web script or HTML via style sheets containing expression commands.
CVE-2005-4368 1 Roundcube 1 Webmail 2024-02-28 5.0 MEDIUM N/A
roundcube webmail Alpha, with a default high verbose level ($rcmail_config['debug_level'] = 1), allows remote attackers to obtain the full path of the application via an invalid_task parameter, which leaks the path in an error message.