Lucene search
Veracode Vulnerability DatabaseVERACODE:29329HistoryFeb 10, 2021 - 6:17 a.m.
Cross-site Scripting (XSS)
2021-02-1006:17:02
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
10
cross-site scripting
roundcube
html email rendering
css token sequences
arbitrary javascript
EPSS
0.001
Percentile
40.2%
roundcube is vulnerable to cross-site scripting (XSS). The vulnerability exists through specific CSS token sequences during HTML email rendering which allows an attacker to inject and execute arbitrary javascript.
References
github.com/roundcube/roundcubemail/commit/9dc276d5f26042db02754fa1bac6fbd683c6d596
lists.fedoraproject.org/archives/list/[email protected]/message/5QPAMYM2DQODSCQIAVNFJR2ETG7WMJOD/
lists.fedoraproject.org/archives/list/[email protected]/message/Q752JPOHTR6H72FK3EIPJZ5O24Z7RGLM/
roundcube.net/news/2021/02/08/security-update-1.4.11
security-tracker.debian.org/tracker/CVE-2021-26925
Related
mageia
mageia
Updated roundcubemail package fixes security vulnerability
2021-03-12 04:25:47
prion
prion
Design/Logic Flaw
2021-02-09 09:15:00
openvas
openvas
Fedora: Security Advisory for roundcubemail (FEDORA-2021-aef54ec149)
2021-02-18 00:00:00
Roundcube Webmail < 1.4.11 XSS Vulnerability
2021-02-15 00:00:00
Mageia: Security Advisory (MGASA-2021-0130)
2022-01-28 00:00:00
cvelist
cvelist
CVE-2021-26925
2021-02-09 08:53:14
ubuntucve
ubuntucve
CVE-2021-26925
2021-02-09 00:00:00
debiancve
debiancve
CVE-2021-26925
2021-02-09 09:15:13
cve
cve
CVE-2021-26925
2021-02-09 09:15:13
nessus
nessus
Fedora 32 : roundcubemail (2021-aef54ec149)
2021-02-17 00:00:00
Fedora 33 : roundcubemail (2021-434b65378a)
2021-02-17 00:00:00
fedora
fedora
[SECURITY] Fedora 33 Update: roundcubemail-1.4.11-1.fc33
2021-02-17 05:10:02
[SECURITY] Fedora 32 Update: roundcubemail-1.4.11-1.fc32
2021-02-17 05:09:53
osv
osv
BIT-roundcube-2021-26925
2024-03-06 11:04:45
CVE-2021-26925
2021-02-09 09:15:13
archlinux
archlinux
[ASA-202102-27] roundcubemail: cross-site scripting
2021-02-12 00:00:00
nvd
nvd
CVE-2021-26925
2021-02-09 09:15:13