CVE-2020-35730
Roundcube Webmail Cross-Site Scripting (XSS) Vulnerability
CVSS
—
Sin CVSS
EPSS
32.8%
p98
KEV
SÍ
22 jun 2023
Exploit Today
79
0-100
Publicado: — · Última mod.: —
Producto
Roundcube / Roundcube Webmail
Vulnerabilidad
Roundcube Webmail Cross-Site Scripting (XSS) Vulnerability
Añadido a KEV
22 jun 2023
Remediar antes de
13 jul 2023
Uso conocido en ransomware
No
Descripción resumida
Roundcube Webmail contains a cross-site scripting (XSS) vulnerability that allows an attacker to send a plain text e-mail message with Javascript in a link reference element that is mishandled by linkref_addinindex in rcube_string_replacer.php.
Acción requerida
Apply updates per vendor instructions.
Notas
https://roundcube.net/news/2020/12/27/security-updates-1.4.10-1.3.16-and-1.2.13; https://nvd.nist.gov/vuln/detail/CVE-2020-35730