Vulnerabilities

CVE-2024-42008

by Fred · 05/08/2024

A Cross-Site Scripting vulnerability in rcmail_action_mail_get->run() in Roundcube through 1.5.7 and 1.6.x through 1.6.7 allows a remote attacker to steal and send emails of a victim via a malicious e-mail attachment served with a dangerous Content-Type header.

More information : https://github.com/roundcube/roundcubemail/releases

Similar

Tags: Cybersecurity Alert