CVE-2020-16145

Severity CVSS v4.0:
Pending analysis
Type:
CWE-79 Cross-Site Scripting (XSS)
Publication date:
12/08/2020
Last modified:
07/11/2023

Description

Roundcube Webmail before 1.3.15 and 1.4.8 allows stored XSS in HTML messages during message display via a crafted SVG document. This issue has been fixed in 1.4.8 and 1.3.15.

Vulnerable products and versions

CPE From Up to
cpe:2.3:a:roundcube:webmail:*:*:*:*:*:*:*:* 1.3.15 (excluding)
cpe:2.3:a:roundcube:webmail:*:*:*:*:*:*:*:* 1.4.0 (including) 1.4.8 (excluding)
cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*