VYPR
Medium severity6.1NVD Advisory· Published Apr 13, 2017· Updated Jun 17, 2026

CVE-2015-8864

CVE-2015-8864

Description

Cross-site scripting (XSS) vulnerability in Roundcube Webmail before 1.0.9 and 1.1.x before 1.1.5 allows remote attackers to inject arbitrary web script or HTML via a crafted SVG, a different vulnerability than CVE-2016-4068.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

12
  • Roundcube/Webmail8 versions
    cpe:2.3:a:roundcube:roundcube_webmail:1.1.1:*:*:*:*:*:*:*+ 7 more
    • cpe:2.3:a:roundcube:roundcube_webmail:1.1.1:*:*:*:*:*:*:*
    • cpe:2.3:a:roundcube:roundcube_webmail:1.1.2:*:*:*:*:*:*:*
    • cpe:2.3:a:roundcube:roundcube_webmail:1.1.3:*:*:*:*:*:*:*
    • cpe:2.3:a:roundcube:webmail:*:*:*:*:*:*:*:*range: <=1.0.8
    • cpe:2.3:a:roundcube:webmail:1.1:*:*:*:*:*:*:*
    • cpe:2.3:a:roundcube:webmail:1.1.4:*:*:*:*:*:*:*
    • cpe:2.3:a:roundcube:webmail:1.1:beta:*:*:*:*:*:*
    • cpe:2.3:a:roundcube:webmail:1.1:rc:*:*:*:*:*:*
  • cpe:2.3:o:opensuse:leap:42.1:*:*:*:*:*:*:*
  • OpenSUSE/openSUSE2 versions
    cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*+ 1 more
    • cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*
    • cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*
  • Range: <1.0.9, <1.1.5

Patches

Vulnerability mechanics

References

7

News mentions

0

No linked articles in our index yet.