Vulnerabilities (CVE)

Filtered by vendor Roundcube Subscribe
Total 68 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2009-4076 1 Roundcube 1 Webmail 2024-11-21 6.8 MEDIUM N/A
Cross-site request forgery (CSRF) vulnerability in Roundcube Webmail 0.2.2 and earlier allows remote attackers to hijack the authentication of unspecified users for requests that modify user information via unspecified vectors, a different vulnerability than CVE-2009-4077.
CVE-2009-0413 1 Roundcube 1 Webmail 2024-11-21 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in RoundCube Webmail (roundcubemail) 0.2 stable allows remote attackers to inject arbitrary web script or HTML via the background attribute embedded in an HTML e-mail message.
CVE-2008-5620 1 Roundcube 1 Webmail 2024-11-21 7.8 HIGH N/A
RoundCube Webmail (roundcubemail) before 0.2-beta allows remote attackers to cause a denial of service (memory consumption) via crafted size parameters that are used to create a large quota image.
CVE-2008-5619 1 Roundcube 1 Webmail 2024-11-21 10.0 HIGH N/A
html2text.php in Chuggnutt HTML to Text Converter, as used in PHPMailer before 5.2.10, RoundCube Webmail (roundcubemail) 0.2-1.alpha and 0.2-3.beta, Mahara, and AtMail Open 1.03, allows remote attackers to execute arbitrary code via crafted input that is processed by the preg_replace function with the eval switch.
CVE-2007-6321 1 Roundcube 1 Webmail 2024-11-21 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in RoundCube webmail 0.1rc2, 2007-12-09, and earlier versions, when using Internet Explorer, allows remote attackers to inject arbitrary web script or HTML via style sheets containing expression commands.
CVE-2005-4368 1 Roundcube 1 Webmail 2024-11-21 5.0 MEDIUM N/A
roundcube webmail Alpha, with a default high verbose level ($rcmail_config['debug_level'] = 1), allows remote attackers to obtain the full path of the application via an invalid_task parameter, which leaks the path in an error message.
CVE-2024-42009 1 Roundcube 1 Webmail 2024-09-06 N/A 9.3 CRITICAL
A Cross-Site Scripting vulnerability in Roundcube through 1.5.7 and 1.6.x through 1.6.7 allows a remote attacker to steal and send emails of a victim via a crafted e-mail message that abuses a Desanitization issue in message_body() in program/actions/mail/show.php.
CVE-2024-42008 1 Roundcube 1 Webmail 2024-09-06 N/A 9.3 CRITICAL
A Cross-Site Scripting vulnerability in rcmail_action_mail_get->run() in Roundcube through 1.5.7 and 1.6.x through 1.6.7 allows a remote attacker to steal and send emails of a victim via a malicious e-mail attachment served with a dangerous Content-Type header.