CVE-2020-16145
12.08.2020, 13:15
Roundcube Webmail before 1.3.15 and 1.4.8 allows stored XSS in HTML messages during message display via a crafted SVG document. This issue has been fixed in 1.4.8 and 1.3.15.
| Vendor | Product | Version |
|---|---|---|
| roundcube | webmail | 𝑥 < 1.3.15 |
| roundcube | webmail | 1.4.0 ≤ 𝑥 < 1.4.8 |
𝑥
= Vulnerable software versions
Debian Releases
Ubuntu Releases
References