CVE-2020-16145

Published: Aug 12, 2020

Modified: Aug 4, 2024

PUBLISHED

Description

Roundcube Webmail before 1.3.15 and 1.4.8 allows stored XSS in HTML messages during message display via a crafted SVG document. This issue has been fixed in 1.4.8 and 1.3.15.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://github.com/roundcube/roundcubemail/releases/tag/1.4.8

x_refsource_MISC

https://github.com/roundcube/roundcubemail/commit/a71bf2e8d4a64ff2c83fdabc1e8cb0c045a41ef4

x_refsource_CONFIRM

https://github.com/roundcube/roundcubemail/releases/tag/1.3.15

x_refsource_CONFIRM

https://github.com/roundcube/roundcubemail/commit/d44ca2308a96576b88d6bf27528964d4fe1a6b8b#diff-d3bb3391c79904494c60ee2ac2f33070

x_refsource_MISC

FEDORA-2020-d0f8f20cfc

vendor-advisory

x_refsource_FEDORA

FEDORA-2020-b1e023936e

vendor-advisory

x_refsource_FEDORA

openSUSE-SU-2020:1516

vendor-advisory

x_refsource_SUSE

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2020-16145

Description

Affected Products

References