CVE-2020-12625

Published: May 4, 2020

Modified: Aug 4, 2024

PUBLISHED

Description

An issue was discovered in Roundcube Webmail before 1.4.4. There is a cross-site scripting (XSS) vulnerability in rcube_washtml.php because JavaScript code can occur in the CDATA of an HTML message.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://github.com/roundcube/roundcubemail/commit/87e4cd0cf2c550e77586860b94e5c75d2b7686d0

x_refsource_MISC

https://github.com/roundcube/roundcubemail/releases/tag/1.4.4

x_refsource_MISC

https://github.com/roundcube/roundcubemail/compare/1.4.3...1.4.4

x_refsource_MISC

DSA-4674

vendor-advisory

x_refsource_DEBIAN

https://github.com/DrunkenShells/Disclosures/tree/master/CVE-2020-12625-Cross%20Site-Scripting%20via%20Malicious%20HTML%20Attachment-Roundcube

x_refsource_MISC

GLSA-202007-41

vendor-advisory

x_refsource_GENTOO

openSUSE-SU-2020:1516

vendor-advisory

x_refsource_SUSE

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2020-12625

Description

Affected Products

References