CVE-2020-16145

Roundcube Webmail before 1.3.15 and 1.4.8 allows stored XSS in HTML messages during message display via a crafted SVG document. This issue has been fixed in 1.4.8 and 1.3.15.

Date published : 2020-08-12

https://github.com/roundcube/roundcubemail/commit/a71bf2e8d4a64ff2c83fdabc1e8cb0c045a41ef4

https://github.com/roundcube/roundcubemail/releases/tag/1.3.15