Unrated severityNVD Advisory· Published Jun 24, 2021· Updated Aug 4, 2024
CVE-2020-18670
CVE-2020-18670
Description
Cross Site Scripting (XSS) vulneraibility in Roundcube mail .4.4 via database host and user in /installer/test.php.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
6- Roundcube mail/Roundcube maildescription
- Range: = 1.4.4
- osv-coords4 versionspkg:bitnami/roundcubepkg:rpm/opensuse/roundcubemail&distro=openSUSE%20Leap%2015.2pkg:rpm/suse/roundcubemail&distro=SUSE%20Package%20Hub%2015%20SP1pkg:rpm/suse/roundcubemail&distro=SUSE%20Package%20Hub%2015%20SP2
>= 1.4.4, <= 1.4.4+ 3 more
- (no CPE)range: >= 1.4.4, <= 1.4.4
- (no CPE)range: < 1.3.16-lp152.4.6.1
- (no CPE)range: < 1.3.16-bp151.4.6.1
- (no CPE)range: < 1.3.16-bp152.4.6.1
Patches
Vulnerability mechanics
References
3- github.com/roundcube/roundcubemail/issues/7406mitrex_refsource_MISC
- lorexxar.cn/2020/06/10/roundcube-mail-xss/mitrex_refsource_MISC
- roundcube.net/news/2020/06/02/security-updates-1.4.5-and-1.3.12mitrex_refsource_MISC
News mentions
0No linked articles in our index yet.