CVE-2021-44025

Roundcube before 1.3.17 and 1.4.x before 1.4.12 is prone to XSS in handling an attachment’s filename extension when displaying a MIME type warning message.

Date published : 2021-11-18

https://bugs.debian.org/1000156

https://github.com/roundcube/roundcubemail/commit/7d7b1dfeff795390b69905ceb63d6391b5b0dfe7