Lucene search
GoogleOSV:CVE-2020-15562HistoryJul 06, 2020 - 12:15 p.m.
CVE-2020-15562
2020-07-0612:15:10
Google
osv.dev
6
0.006 Low
EPSS
Percentile
79.4%
An issue was discovered in Roundcube Webmail before 1.2.11, 1.3.x before 1.3.14, and 1.4.x before 1.4.7. It allows XSS via a crafted HTML e-mail message, as demonstrated by a JavaScript payload in the xmlns (aka XML namespace) attribute of a HEAD element when an SVG element exists.
| CPE | Name | Operator | Version |
|---|---|---|---|
| roundcubemail | eq | 1.4.4 | |
| roundcubemail | eq | 1.4.5 | |
| roundcubemail | eq | 1.4.1 | |
| roundcubemail | eq | 1.4.0 | |
| roundcubemail | eq | 1.4.2 | |
| roundcubemail | eq | 1.4.3 | |
| roundcubemail | eq | 1.4.6 |
References
lists.opensuse.org/opensuse-security-announce/2020-09/msg00083.html
github.com/roundcube/roundcubemail/commit/3e8832d029b035e3fcfb4c75839567a9580b4f82
github.com/roundcube/roundcubemail/releases/tag/1.2.11
github.com/roundcube/roundcubemail/releases/tag/1.3.14
github.com/roundcube/roundcubemail/releases/tag/1.4.7
www.debian.org/security/2020/dsa-4720
Related
openvas
openvas
Debian: Security Advisory (DSA-4720-1)
2020-07-09 00:00:00
Roundcube Webmail < 1.2.11, 1.3.x < 1.3.14, 1.4.x < 1.4.7 XSS Vulnerability
2020-07-15 00:00:00
openSUSE: Security Advisory for roundcubemail (openSUSE-SU-2020:1516-1)
2020-09-25 00:00:00
nvd
nvd
CVE-2020-15562
2020-07-06 12:15:10
nessus
nessus
Debian DSA-4720-1 : roundcube - security update
2020-07-09 00:00:00
openSUSE Security Update : roundcubemail (openSUSE-2020-1516)
2020-09-30 00:00:00
osv
osv
BIT-roundcube-2020-15562
2024-03-06 11:05:30
roundcube - security update
2020-07-08 00:00:00
roundcube vulnerabilities
2022-08-08 06:30:29
ubuntucve
ubuntucve
CVE-2020-15562
2020-07-06 00:00:00
cve
cve
CVE-2020-15562
2020-07-06 12:15:10
debian
debian
[SECURITY] [DSA 4720-1] roundcube security update
2020-07-08 06:06:19
[SECURITY] [DSA 4720-1] roundcube security update
2020-07-08 06:06:19
prion
prion
Design/Logic Flaw
2020-07-06 12:15:00
debiancve
debiancve
CVE-2020-15562
2020-07-06 12:15:10
cvelist
cvelist
CVE-2020-15562
2020-07-06 11:26:09
suse
suse
Security update for roundcubemail (moderate)
2020-09-24 00:00:00
ubuntu
ubuntu
Roundcube Webmail vulnerabilities
2022-08-08 00:00:00