Known CVE vulnerabilities and GitHub Security Advisories affecting the SUSE:Package Hub 15 SP1 package roundcubemail, with affected version ranges, CVSS severity, EPSS exploit prediction, and CISA KEV status.
CVEs (9)
CVE-2020-12640 — CVSS 9.8 (critical): Roundcube Webmail before 1.4.4 allows attackers to include local files and execute code via directory traversal in a plugin name to…
CVE-2020-15562 — CVSS 6.1 (medium): An issue was discovered in Roundcube Webmail before 1.2.11, 1.3.x before 1.3.14, and 1.4.x before 1.4.7. It allows XSS via a crafted HTML…
CVE-2020-16145 — CVSS 6.1 (medium): Roundcube Webmail before 1.3.15 and 1.4.8 allows stored XSS in HTML messages during message display via a crafted SVG document. This issue…
CVE-2020-12625 — CVSS 6.1 (medium): An issue was discovered in Roundcube Webmail before 1.4.4. There is a cross-site scripting (XSS) vulnerability in rcube_washtml.php because…
CVE-2020-18670 — CVSS 5.4 (medium): Cross Site Scripting (XSS) vulneraibility in Roundcube mail .4.4 via database host and user in /installer/test.php.
CVE-2020-18671 — CVSS 5.4 (medium): Cross Site Scripting (XSS) vulnerability in Roundcube Mail <=1.4.4 via smtp config in /installer/test.php.
CVE-2019-10740 — CVSS 4.3 (medium): In Roundcube Webmail before 1.3.10, an attacker in possession of S/MIME or PGP encrypted emails can wrap them as sub-parts within a crafted…