Roundcube Roundcube Webmail — known CVE vulnerabilities
Every CVE whose affected-product data names Roundcube Roundcube Webmail, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (7)
CVE-2015-8770 — CVSS 7.5 (high): Directory traversal vulnerability in the set_skin function in program/include/rcmail_output_html.php in Roundcube before 1.0.8 and 1.1.x…
CVE-2015-5383 — CVSS 7.5 (high): Roundcube Webmail 1.1.x before 1.1.2 allows remote attackers to obtain sensitive information by reading files in the (1) config, (2) temp…
CVE-2015-8794 — CVSS 6.5 (medium): Absolute path traversal vulnerability in program/steps/addressbook/photo.inc in Roundcube before 1.0.6 and 1.1.x before 1.1.2 allows remote…
CVE-2015-5382 — CVSS 6.5 (medium): program/steps/addressbook/photo.inc in Roundcube Webmail before 1.0.6 and 1.1.x before 1.1.2 allows remote authenticated users to read…
CVE-2016-4068 — CVSS 6.1 (medium): Cross-site scripting (XSS) vulnerability in Roundcube Webmail before 1.0.9 and 1.1.x before 1.1.5 allows remote attackers to inject…
CVE-2015-5381 — CVSS 6.1 (medium): Cross-site scripting (XSS) vulnerability in program/include/rcmail.php in Roundcube Webmail 1.1.x before 1.1.2 allows remote attackers to…
CVE-2015-8864 — CVSS 6.1 (medium): Cross-site scripting (XSS) vulnerability in Roundcube Webmail before 1.0.9 and 1.1.x before 1.1.5 allows remote attackers to inject…