Vulnerabilities

CVE-2020-35730

by Fred · 28/12/2020

An XSS issue was discovered in Roundcube Webmail before 1.2.13, 1.3.x before 1.3.16, and 1.4.x before 1.4.10. The attacker can send a plain text e-mail message, with JavaScript in a link reference element that is mishandled by linkref_addindex in rcube_string_replacer.php.

Date published : 2020-12-28

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=978491

https://github.com/roundcube/roundcubemail/compare/1.4.9…1.4.10

Similar

Tags: Cybersecurity Alert