Lucene search

DebianCVE-2016-4068

HistoryApr 13, 2017 - 2:59 p.m.

CVE-2016-4068

2017-04-1314:59:01

CWE-79

debian

web.nvd.nist.gov

cve-2016-4068

cross-site scripting

xss

roundcube webmail

remote attackers

web script

html

svg

vulnerability

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

CVSS3

6.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

AI Score

5.9

Confidence

High

EPSS

0.002

Percentile

54.3%

JSON

Cross-site scripting (XSS) vulnerability in Roundcube Webmail before 1.0.9 and 1.1.x before 1.1.5 allows remote attackers to inject arbitrary web script or HTML via a crafted SVG, a different vulnerability than CVE-2015-8864.

Affected configurations

Nvd

Node

opensuseleapMatch42.1

opensuseopensuseMatch13.1

opensuseopensuseMatch13.2

Node

roundcuberoundcube_webmailMatch1.1.1

roundcuberoundcube_webmailMatch1.1.2

roundcuberoundcube_webmailMatch1.1.3

roundcubewebmailRange≤1.0.8

roundcubewebmailMatch1.1

roundcubewebmailMatch1.1beta

roundcubewebmailMatch1.1rc

roundcubewebmailMatch1.1.4

VendorProductVersionCPE
opensuseleap42.1cpe:2.3:o:opensuse:leap:42.1:*:*:*:*:*:*:*
opensuseopensuse13.1cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*
opensuseopensuse13.2cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*
roundcuberoundcube_webmail1.1.1cpe:2.3:a:roundcube:roundcube_webmail:1.1.1:*:*:*:*:*:*:*
roundcuberoundcube_webmail1.1.2cpe:2.3:a:roundcube:roundcube_webmail:1.1.2:*:*:*:*:*:*:*
roundcuberoundcube_webmail1.1.3cpe:2.3:a:roundcube:roundcube_webmail:1.1.3:*:*:*:*:*:*:*
roundcubewebmail*cpe:2.3:a:roundcube:webmail:*:*:*:*:*:*:*:*
roundcubewebmail1.1cpe:2.3:a:roundcube:webmail:1.1:*:*:*:*:*:*:*
roundcubewebmail1.1cpe:2.3:a:roundcube:webmail:1.1:beta:*:*:*:*:*:*
roundcubewebmail1.1cpe:2.3:a:roundcube:webmail:1.1:rc:*:*:*:*:*:*

Vendor	Product	Version	CPE
opensuse	leap	42.1	cpe:2.3:o:opensuse:leap:42.1:::::::*
opensuse	opensuse	13.1	cpe:2.3:o:opensuse:opensuse:13.1:::::::*
opensuse	opensuse	13.2	cpe:2.3:o:opensuse:opensuse:13.2:::::::*
roundcube	roundcube_webmail	1.1.1	cpe:2.3:a:roundcube:roundcube_webmail:1.1.1:::::::*
roundcube	roundcube_webmail	1.1.2	cpe:2.3:a:roundcube:roundcube_webmail:1.1.2:::::::*
roundcube	roundcube_webmail	1.1.3	cpe:2.3:a:roundcube:roundcube_webmail:1.1.3:::::::*
roundcube	webmail	*	cpe:2.3:a:roundcube:webmail::::::::
roundcube	webmail	1.1	cpe:2.3:a:roundcube:webmail:1.1:::::::*
roundcube	webmail	1.1	cpe:2.3:a:roundcube:webmail:1.1:beta::::::
roundcube	webmail	1.1	cpe:2.3:a:roundcube:webmail:1.1:rc::::::