Roundcube before 1.4.11 allows XSS via crafted Cascading Style Sheets (CSS) token sequences during HTML email rendering.
References
Configurations
History
10 Mar 2022, 14:34
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:roundcube:webmail:*:*:*:*:*:*:*:* |
Information
Published : 2021-02-09 09:15
Updated : 2024-02-04 21:23
NVD link : CVE-2021-26925
Mitre link : CVE-2021-26925
CVE.ORG link : CVE-2021-26925
JSON object : View
Products Affected
roundcube
- webmail
fedoraproject
- fedora
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')