Known CVE vulnerabilities and GitHub Security Advisories affecting the SUSE:Package Hub 15 SP4 package roundcubemail, with affected version ranges, CVSS severity, EPSS exploit prediction, and CISA KEV status.
CVE-2020-16145 — CVSS 6.1 (medium): Roundcube Webmail before 1.3.15 and 1.4.8 allows stored XSS in HTML messages during message display via a crafted SVG document. This issue…
CVE-2019-10740 — CVSS 4.3 (medium): In Roundcube Webmail before 1.3.10, an attacker in possession of S/MIME or PGP encrypted emails can wrap them as sub-parts within a crafted…