VYPR

rpm package

opensuse/roundcubemail&distro=openSUSE Leap 15.6

pkg:rpm/opensuse/roundcubemail&distro=openSUSE%20Leap%2015.6

Vulnerabilities (3)

  • CVE-2024-42010HigAug 5, 2024
    affected < 1.6.8-bp156.2.3.1fixed 1.6.8-bp156.2.3.1

    mod_css_styles in Roundcube through 1.5.7 and 1.6.x through 1.6.7 insufficiently filters Cascading Style Sheets (CSS) token sequences in rendered e-mail messages, allowing a remote attacker to obtain sensitive information.

  • CVE-2024-42009KEVAug 5, 2024
    affected < 1.6.8-bp156.2.3.1fixed 1.6.8-bp156.2.3.1

    A Cross-Site Scripting vulnerability in Roundcube through 1.5.7 and 1.6.x through 1.6.7 allows a remote attacker to steal and send emails of a victim via a crafted e-mail message that abuses a Desanitization issue in message_body() in program/actions/mail/show.php.

  • CVE-2024-42008Aug 5, 2024
    affected < 1.6.8-bp156.2.3.1fixed 1.6.8-bp156.2.3.1

    A Cross-Site Scripting vulnerability in rcmail_action_mail_get->run() in Roundcube through 1.5.7 and 1.6.x through 1.6.7 allows a remote attacker to steal and send emails of a victim via a malicious e-mail attachment served with a dangerous Content-Type header.