VYPR
Get started
← All advisories
Unrated severityNVD Advisory· Published Aug 29, 2013· Updated Apr 29, 2026

CVE-2013-5645

CVE-2013-5645

Description

Multiple cross-site scripting (XSS) vulnerabilities in Roundcube webmail before 0.9.3 allow user-assisted remote attackers to inject arbitrary web script or HTML via the body of a message visited in (1) new or (2) draft mode, related to compose.inc; and (3) might allow remote authenticated users to inject arbitrary web script or HTML via an HTML signature, related to save_identity.inc.

Affected products

52
  • Roundcube/Webmail52 versions
    cpe:2.3:a:roundcube:webmail:*:*:*:*:*:*:*:*+ 51 more
    • cpe:2.3:a:roundcube:webmail:*:*:*:*:*:*:*:*range: <=0.9.2
    • cpe:2.3:a:roundcube:webmail:0.1:*:*:*:*:*:*:*
    • cpe:2.3:a:roundcube:webmail:0.1:20050811:*:*:*:*:*:*
    • cpe:2.3:a:roundcube:webmail:0.1:20050820:*:*:*:*:*:*
    • cpe:2.3:a:roundcube:webmail:0.1:20051007:*:*:*:*:*:*
    • cpe:2.3:a:roundcube:webmail:0.1:20051021:*:*:*:*:*:*
    • cpe:2.3:a:roundcube:webmail:0.1:alpha:*:*:*:*:*:*
    • cpe:2.3:a:roundcube:webmail:0.5.3:*:*:*:*:*:*:*
    • cpe:2.3:a:roundcube:webmail:0.5.4:*:*:*:*:*:*:*
    • cpe:2.3:a:roundcube:webmail:0.6:*:*:*:*:*:*:*
    • cpe:2.3:a:roundcube:webmail:0.7:*:*:*:*:*:*:*
    • cpe:2.3:a:roundcube:webmail:0.7.1:*:*:*:*:*:*:*
    • cpe:2.3:a:roundcube:webmail:0.7.2:*:*:*:*:*:*:*
    • cpe:2.3:a:roundcube:webmail:0.1:beta:*:*:*:*:*:*
    • cpe:2.3:a:roundcube:webmail:0.1:beta2:*:*:*:*:*:*
    • cpe:2.3:a:roundcube:webmail:0.1:rc1:*:*:*:*:*:*
    • cpe:2.3:a:roundcube:webmail:0.1:rc2:*:*:*:*:*:*
    • cpe:2.3:a:roundcube:webmail:0.1:stable:*:*:*:*:*:*
    • cpe:2.3:a:roundcube:webmail:0.1.1:*:*:*:*:*:*:*
    • cpe:2.3:a:roundcube:webmail:0.2:*:*:*:*:*:*:*
    • cpe:2.3:a:roundcube:webmail:0.2:alpha:*:*:*:*:*:*
    • cpe:2.3:a:roundcube:webmail:0.2:beta:*:*:*:*:*:*
    • cpe:2.3:a:roundcube:webmail:0.2:stable:*:*:*:*:*:*
    • cpe:2.3:a:roundcube:webmail:0.2.1:*:*:*:*:*:*:*
    • cpe:2.3:a:roundcube:webmail:0.2.2:*:*:*:*:*:*:*
    • cpe:2.3:a:roundcube:webmail:0.3:*:*:*:*:*:*:*
    • cpe:2.3:a:roundcube:webmail:0.3:beta:*:*:*:*:*:*
    • cpe:2.3:a:roundcube:webmail:0.3:rc1:*:*:*:*:*:*
    • cpe:2.3:a:roundcube:webmail:0.3:stable:*:*:*:*:*:*
    • cpe:2.3:a:roundcube:webmail:0.3.1:*:*:*:*:*:*:*
    • cpe:2.3:a:roundcube:webmail:0.4:*:*:*:*:*:*:*
    • cpe:2.3:a:roundcube:webmail:0.4:beta:*:*:*:*:*:*
    • cpe:2.3:a:roundcube:webmail:0.4.1:*:*:*:*:*:*:*
    • cpe:2.3:a:roundcube:webmail:0.4.2:*:*:*:*:*:*:*
    • cpe:2.3:a:roundcube:webmail:0.5:*:*:*:*:*:*:*
    • cpe:2.3:a:roundcube:webmail:0.5:beta:*:*:*:*:*:*
    • cpe:2.3:a:roundcube:webmail:0.5:rc:*:*:*:*:*:*
    • cpe:2.3:a:roundcube:webmail:0.5.1:*:*:*:*:*:*:*
    • cpe:2.3:a:roundcube:webmail:0.5.2:*:*:*:*:*:*:*
    • cpe:2.3:a:roundcube:webmail:0.7.3:*:*:*:*:*:*:*
    • cpe:2.3:a:roundcube:webmail:0.8.0:*:*:*:*:*:*:*
    • cpe:2.3:a:roundcube:webmail:0.8.1:*:*:*:*:*:*:*
    • cpe:2.3:a:roundcube:webmail:0.8.2:*:*:*:*:*:*:*
    • cpe:2.3:a:roundcube:webmail:0.8.3:*:*:*:*:*:*:*
    • cpe:2.3:a:roundcube:webmail:0.8.4:*:*:*:*:*:*:*
    • cpe:2.3:a:roundcube:webmail:0.8.5:*:*:*:*:*:*:*
    • cpe:2.3:a:roundcube:webmail:0.8.6:*:*:*:*:*:*:*
    • cpe:2.3:a:roundcube:webmail:0.9:beta:*:*:*:*:*:*
    • cpe:2.3:a:roundcube:webmail:0.9:rc:*:*:*:*:*:*
    • cpe:2.3:a:roundcube:webmail:0.9:rc2:*:*:*:*:*:*
    • cpe:2.3:a:roundcube:webmail:0.9.0:*:*:*:*:*:*:*
    • cpe:2.3:a:roundcube:webmail:0.9.1:*:*:*:*:*:*:*

Patches

0

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

5

News mentions

0

No linked articles in our index yet.