Roundcube before 1.4.15, 1.5.x before 1.5.5, and 1.6.x before 1.6.4 allows stored XSS via an HTML e-mail message with a crafted SVG document because of program/lib/Roundcube/rcube_washtml.php behavior. This could allow a remote attacker
to load arbitrary JavaScript code.
References
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
History
22 Dec 2023, 18:55
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-10-18 15:15
Updated : 2024-02-05 00:01
NVD link : CVE-2023-5631
Mitre link : CVE-2023-5631
CVE.ORG link : CVE-2023-5631
JSON object : View
Products Affected
debian
- debian_linux
roundcube
- webmail
fedoraproject
- fedora
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')