Re: CVE-2023-5631: XSS vulnerability in Roundcube webmail

Open Source Security 

Posted by Kapetanakis Giannis on Nov 01

Versions up to 1.6.3 – not 1.6.4 – are vulnerable.

https://www.cve.org/CVERecord?id=CVE-2023-5631

Roundcube before 1.4.15, 1.5.x before 1.5.5, and 1.6.x before 1.6.4 allows stored XSS via an HTML e-mail message with a
crafted SVG document because of program/lib/Roundcube/rcube_washtml.php behavior. This could allow a remote attacker to
load arbitrary JavaScript code.

G