Bug | stretch | buster | bullseye | bookworm | trixie | sid | Description |
---|
CVE-2024-42010 | vulnerable | fixed | fixed | fixed | fixed | fixed | mod_css_styles in Roundcube through 1.5.7 and 1.6.x through 1.6.7 insu ... |
CVE-2024-42009 | vulnerable | fixed | fixed | fixed | fixed | fixed | A Cross-Site Scripting vulnerability in Roundcube through 1.5.7 and 1. ... |
CVE-2024-42008 | vulnerable | fixed | fixed | fixed | fixed | fixed | A Cross-Site Scripting vulnerability in rcmail_action_mail_get->run() ... |
CVE-2024-37384 | vulnerable | fixed | fixed | fixed | fixed | fixed | Roundcube Webmail before 1.5.7 and 1.6.x before 1.6.7 allows XSS via l ... |
CVE-2024-37383 | vulnerable | fixed | fixed | fixed | fixed | fixed | Roundcube Webmail before 1.5.7 and 1.6.x before 1.6.7 allows XSS via S ... |
CVE-2023-47272 | vulnerable | fixed | fixed | fixed | fixed | fixed | Roundcube 1.5.x before 1.5.6 and 1.6.x before 1.6.5 allows XSS via a C ... |
CVE-2023-43770 | vulnerable | fixed | fixed | fixed | fixed | fixed | Roundcube before 1.4.14, 1.5.x before 1.5.4, and 1.6.x before 1.6.3 al ... |
CVE-2023-5631 | vulnerable | fixed | fixed | fixed | fixed | fixed | Roundcube before 1.4.15, 1.5.x before 1.5.5, and 1.6.x before 1.6.4 al ... |
CVE-2020-18671 | vulnerable (no DSA, ignored) | fixed | fixed | fixed | fixed | fixed | Cross Site Scripting (XSS) vulnerability in Roundcube Mail <=1.4.4 via ... |
CVE-2020-18670 | vulnerable (no DSA, ignored) | fixed | fixed | fixed | fixed | fixed | Cross Site Scripting (XSS) vulneraibility in Roundcube mail .4.4 via d ... |
CVE-2019-15237 | vulnerable (no DSA) | vulnerable (no DSA, ignored) | vulnerable (no DSA, ignored) | fixed | fixed | fixed | Roundcube Webmail through 1.3.9 mishandles Punycode xn-- domain names, ... |
CVE-2019-10740 | vulnerable (no DSA, ignored) | fixed | fixed | fixed | fixed | fixed | In Roundcube Webmail before 1.3.10, an attacker in possession of S/MIM ... |
CVE-2018-19205 | vulnerable (no DSA, ignored) | fixed | fixed | fixed | fixed | fixed | Roundcube before 1.3.7 mishandles GnuPG MDC integrity-protection warni ... |
Bug | Description |
---|
CVE-2024-37385 | Roundcube Webmail before 1.5.7 and 1.6.x before 1.6.7 on Windows allow ... |
CVE-2021-46144 | Roundcube before 1.4.13 and 1.5.x before 1.5.2 allows XSS via an HTML ... |
CVE-2021-44026 | Roundcube before 1.3.17 and 1.4.x before 1.4.12 is prone to a potentia ... |
CVE-2021-44025 | Roundcube before 1.3.17 and 1.4.x before 1.4.12 is prone to XSS in han ... |
CVE-2021-26925 | Roundcube before 1.4.11 allows XSS via crafted Cascading Style Sheets ... |
CVE-2020-35730 | An XSS issue was discovered in Roundcube Webmail before 1.2.13, 1.3.x ... |
CVE-2020-16145 | Roundcube Webmail before 1.3.15 and 1.4.8 allows stored XSS in HTML me ... |
CVE-2020-15562 | An issue was discovered in Roundcube Webmail before 1.2.11, 1.3.x befo ... |
CVE-2020-13965 | An issue was discovered in Roundcube Webmail before 1.3.12 and 1.4.x b ... |
CVE-2020-13964 | An issue was discovered in Roundcube Webmail before 1.3.12 and 1.4.x b ... |
CVE-2020-12626 | An issue was discovered in Roundcube Webmail before 1.4.4. A CSRF atta ... |
CVE-2020-12625 | An issue was discovered in Roundcube Webmail before 1.4.4. There is a ... |
CVE-2018-1000071 | roundcube version 1.3.4 and earlier contains an Insecure Permissions v ... |
CVE-2018-19206 | steps/mail/func.inc in Roundcube before 1.3.8 has XSS via crafted use ... |
CVE-2018-9846 | In Roundcube from versions 1.2.0 to 1.3.5, with the archive plugin ena ... |
CVE-2017-16651 | Roundcube Webmail before 1.1.10, 1.2.x before 1.2.7, and 1.3.x before ... |
CVE-2017-8114 | Roundcube Webmail allows arbitrary password resets by authenticated us ... |
CVE-2017-6820 | rcube_utils.php in Roundcube before 1.1.8 and 1.2.x before 1.2.4 is su ... |
CVE-2016-9920 | steps/mail/sendmail.inc in Roundcube before 1.1.7 and 1.2.x before 1.2 ... |
CVE-2016-4552 | Cross-site scripting (XSS) vulnerability in Roundcube Webmail before 1 ... |
CVE-2016-4069 | Cross-site request forgery (CSRF) vulnerability in Roundcube Webmail b ... |
CVE-2016-4068 | Cross-site scripting (XSS) vulnerability in Roundcube Webmail before 1 ... |
CVE-2015-8864 | Cross-site scripting (XSS) vulnerability in Roundcube Webmail before 1 ... |
CVE-2015-8794 | Absolute path traversal vulnerability in program/steps/addressbook/pho ... |
CVE-2015-8793 | Cross-site scripting (XSS) vulnerability in program/include/rcmail.php ... |
CVE-2015-8770 | Directory traversal vulnerability in the set_skin function in program/ ... |
CVE-2015-8105 | Cross-site scripting (XSS) vulnerability in program/js/app.js in Round ... |
CVE-2015-5383 | Roundcube Webmail 1.1.x before 1.1.2 allows remote attackers to obtain ... |
CVE-2015-5382 | program/steps/addressbook/photo.inc in Roundcube Webmail before 1.0.6 ... |
CVE-2015-5381 | Cross-site scripting (XSS) vulnerability in program/include/rcmail.php ... |
CVE-2015-2181 | Multiple buffer overflows in the DBMail driver in the Password plugin ... |
CVE-2015-2180 | The DBMail driver in the Password plugin in Roundcube before 1.1.0 all ... |
CVE-2015-1433 | program/lib/Roundcube/rcube_washtml.php in Roundcube before 1.0.5 does ... |
CVE-2014-9587 | Multiple cross-site request forgery (CSRF) vulnerabilities in Roundcub ... |
CVE-2013-6172 | steps/utils/save_pref.inc in Roundcube webmail before 0.8.7 and 0.9.x ... |
CVE-2013-5646 | Cross-site scripting (XSS) vulnerability in Roundcube webmail 1.0-git ... |
CVE-2013-5645 | Multiple cross-site scripting (XSS) vulnerabilities in Roundcube webma ... |
CVE-2013-1904 | Absolute path traversal vulnerability in steps/mail/sendmail.inc in Ro ... |
CVE-2012-6121 | Cross-site scripting (XSS) vulnerability in Roundcube Webmail before 0 ... |
CVE-2012-4668 | Cross-site scripting (XSS) vulnerability in Roundcube Webmail 0.8.1 an ... |
CVE-2012-3508 | Cross-site scripting (XSS) vulnerability in program/lib/washtml.php in ... |
CVE-2012-3507 | Cross-site scripting (XSS) vulnerability in program/steps/mail/func.in ... |
CVE-2012-1253 | Cross-site scripting (XSS) vulnerability in Roundcube Webmail before 0 ... |
CVE-2011-4078 | include/iniset.php in Roundcube Webmail 0.5.4 and earlier, when PHP 5. ... |
CVE-2011-2937 | Cross-site scripting (XSS) vulnerability in the UI messages functional ... |
CVE-2011-1492 | steps/utils/modcss.inc in Roundcube Webmail before 0.5.1 does not prop ... |
CVE-2011-1491 | The login form in Roundcube Webmail before 0.5.1 does not properly han ... |
CVE-2010-0464 | Roundcube 0.3.1 and earlier does not request that the web browser avoi ... |
CVE-2009-4077 | Cross-site request forgery (CSRF) vulnerability in Roundcube Webmail 0 ... |
CVE-2009-4076 | Cross-site request forgery (CSRF) vulnerability in Roundcube Webmail 0 ... |
CVE-2009-0413 | Cross-site scripting (XSS) vulnerability in RoundCube Webmail (roundcu ... |
CVE-2008-5620 | RoundCube Webmail (roundcubemail) before 0.2-beta allows remote attack ... |
CVE-2008-5619 | html2text.php in Chuggnutt HTML to Text Converter, as used in PHPMaile ... |
CVE-2007-6321 | Cross-site scripting (XSS) vulnerability in RoundCube webmail 0.1rc2, ... |
CVE-2005-4368 | roundcube webmail Alpha, with a default high verbose level ($rcmail_co ... |