Webmail
Sign in to watchby Roundcube
Source repositories
CVEs (44)
| CVE | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2009-4076 | 0.00 | — | 0.00 | Nov 25, 2009 | Cross-site request forgery (CSRF) vulnerability in Roundcube Webmail 0.2.2 and earlier allows remote attackers to hijack the authentication of unspecified users for requests that modify user information via unspecified vectors, a different vulnerability than CVE-2009-4077. | ||
| CVE-2009-0413 | 0.00 | — | 0.00 | Feb 3, 2009 | Cross-site scripting (XSS) vulnerability in RoundCube Webmail (roundcubemail) 0.2 stable allows remote attackers to inject arbitrary web script or HTML via the background attribute embedded in an HTML e-mail message. | ||
| CVE-2008-5620 | 0.00 | — | 0.01 | Dec 17, 2008 | RoundCube Webmail (roundcubemail) before 0.2-beta allows remote attackers to cause a denial of service (memory consumption) via crafted size parameters that are used to create a large quota image. | ||
| CVE-2005-4368 | 0.00 | — | 0.00 | Dec 20, 2005 | roundcube webmail Alpha, with a default high verbose level ($rcmail_config['debug_level'] = 1), allows remote attackers to obtain the full path of the application via an invalid_task parameter, which leaks the path in an error message. |
Page 3 of 3