CVE-2024-57004

Medium CVSS: 6.1

Cross-Site Scripting (XSS) vulnerability in Roundcube Webmail 1.6.9 allows remote authenticated users to upload a malicious file as an email attachment, leading to the triggering of the XSS by visiting the SENT session.

Vendor

Roundcube

Product

Webmail

CWE

CWE-80

Yayın Tarihi

2025-02-03 19:15:12

Güncelleme

2025-12-22 16:03:05

Source Identifier

cve@mitre.org

KEV Date Added

Kategoriler

CWE-80 Webmail MEDIUM Roundcube 2025

Referanslar

https://github.com/riya98241/CVE/blob/main/CVE-2024-57004 https://github.com/roundcube/roundcubemail/releases/tag/1.6.9

Benzer Kayıtlar

Medium

CVE-2026-35540

An issue was discovered in Roundcube Webmail 1.6.0 before 1.6.14. Insufficient Cascading Style Sheets (CSS) sanitization…

Medium

CVE-2026-35541

An issue was discovered in Roundcube Webmail before 1.5.14 and 1.6.14. Incorrect password comparison in the password plu…

Medium

CVE-2026-35542

An issue was discovered in Roundcube Webmail before 1.5.14 and 1.6.14. The remote image blocking feature can be bypassed…

Medium

CVE-2026-35543

An issue was discovered in Roundcube Webmail before 1.5.14 and 1.6.14. The remote image blocking feature can be bypassed…

Medium

CVE-2026-35545

An issue was discovered in Roundcube Webmail before 1.5.15 and 1.6.15. The remote image blocking feature can be bypassed…

Low

CVE-2026-35538

An issue was discovered in Roundcube Webmail before 1.5.14 and 1.6.14. Unsanitized IMAP SEARCH command arguments could l…