Lucene search

PRIOn knowledge basePRION:CVE-2020-16145

HistoryAug 12, 2020 - 1:15 p.m.

Cross site scripting

2020-08-1213:15:00

PRIOn knowledge base

www.prio-n.com

5.8 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

46.5%

JSON

Roundcube Webmail before 1.3.15 and 1.4.8 allows stored XSS in HTML messages during message display via a crafted SVG document. This issue has been fixed in 1.4.8 and 1.3.15.

CPENameOperatorVersion
fedoraeq31
fedoraeq32
webmaillt1.3.15
webmailge1.4.0
webmaillt1.4.8

Name	Operator	Version
fedora	eq	31
fedora	eq	32
webmail	lt	1.3.15
webmail	ge	1.4.0
webmail	lt	1.4.8

References

lists.opensuse.org/opensuse-security-announce/2020-09/msg00083.html

github.com/roundcube/roundcubemail/commit/a71bf2e8d4a64ff2c83fdabc1e8cb0c045a41ef4

github.com/roundcube/roundcubemail/commit/d44ca2308a96576b88d6bf27528964d4fe1a6b8b

github.com/roundcube/roundcubemail/releases/tag/1.3.15

github.com/roundcube/roundcubemail/releases/tag/1.4.8

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3DAXK3565NYK4OEZVTW6S5LEVIDQEY2E/

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OBLUQRIBAMEQVBO6GUZECCHJDJIWCYFU/