Medium severity6.1NVD Advisory· Published Apr 13, 2017· Updated Jun 17, 2026
CVE-2015-8864
CVE-2015-8864
Description
Cross-site scripting (XSS) vulnerability in Roundcube Webmail before 1.0.9 and 1.1.x before 1.1.5 allows remote attackers to inject arbitrary web script or HTML via a crafted SVG, a different vulnerability than CVE-2016-4068.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
12cpe:2.3:a:roundcube:roundcube_webmail:1.1.1:*:*:*:*:*:*:*+ 7 more
- cpe:2.3:a:roundcube:roundcube_webmail:1.1.1:*:*:*:*:*:*:*
- cpe:2.3:a:roundcube:roundcube_webmail:1.1.2:*:*:*:*:*:*:*
- cpe:2.3:a:roundcube:roundcube_webmail:1.1.3:*:*:*:*:*:*:*
- cpe:2.3:a:roundcube:webmail:*:*:*:*:*:*:*:*range: <=1.0.8
- cpe:2.3:a:roundcube:webmail:1.1:*:*:*:*:*:*:*
- cpe:2.3:a:roundcube:webmail:1.1.4:*:*:*:*:*:*:*
- cpe:2.3:a:roundcube:webmail:1.1:beta:*:*:*:*:*:*
- cpe:2.3:a:roundcube:webmail:1.1:rc:*:*:*:*:*:*
- Range: <1.0.9, <1.1.5
Patches
Vulnerability mechanics
References
7- github.com/roundcube/roundcubemail/commit/40d7342dd9c9bd2a1d613edc848ed95a4d71aa18nvdPatchThird Party Advisory
- lists.opensuse.org/opensuse-updates/2016-08/msg00078.htmlnvdThird Party Advisory
- lists.opensuse.org/opensuse-updates/2016-08/msg00079.htmlnvdThird Party Advisory
- lists.opensuse.org/opensuse-updates/2016-08/msg00095.htmlnvdThird Party Advisory
- github.com/roundcube/roundcubemail/issues/4949nvdThird Party Advisory
- github.com/roundcube/roundcubemail/releases/tag/1.0.9nvdRelease NotesThird Party Advisory
- github.com/roundcube/roundcubemail/releases/tag/1.1.5nvdRelease NotesThird Party Advisory
News mentions
0No linked articles in our index yet.