Known CVE vulnerabilities and GitHub Security Advisories affecting the SUSE:Package Hub 15 SP5 package roundcubemail, with affected version ranges, CVSS severity, EPSS exploit prediction, and CISA KEV status.
CVEs (5)
CVE-2024-42008 — CVSS 9.3 (critical): A Cross-Site Scripting vulnerability in rcmail_action_mail_get->run() in Roundcube through 1.5.7 and 1.6.x through 1.6.7 allows a remote…
CVE-2024-42010 — CVSS 7.5 (high): mod_css_styles in Roundcube through 1.5.7 and 1.6.x through 1.6.7 insufficiently filters Cascading Style Sheets (CSS) token sequences in…
CVE-2023-47272 — CVSS 6.1 (medium): Roundcube 1.5.x before 1.5.6 and 1.6.x before 1.6.5 allows XSS via a Content-Type or Content-Disposition header (used for attachment…