Web Application Vulnerabilities Runtime SCA Findings
Looking for the vulnerability index of Invicti's legacy products?
Invicti Enterprise Acunetix Standard & Premium

Email

Roundcube

Roundcube - Free webmail for the masses. Roundcube webmail is a browser-based multilingual IMAP client with an application-like user interface. It provides full functionality you expect from an e-mail client including MIME support address book folder manipulation message searching and spell checking.

Official Site:

https://roundcube.net/

Severity Summary:

Critical: 6 High: 14 Medium: 41 Low: 4
Reference
Title
Severity
CVE-2024-57004
Roundcube Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) Vulnerability
Medium
CVE-2023-43770
Roundcube Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability
Medium
CVE-2009-0413
Roundcube Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability
Medium
CVE-2024-37384
Roundcube Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability
Medium
CVE-2023-47272
Roundcube Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability
Medium
CVE-2023-5631
Roundcube Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability
Medium
CVE-2014-9587
Roundcube Multiple Cross-site Request Forgery (CSRF) Vulnerabilities
Medium
CVE-2009-4076
Roundcube Cross-Site Request Forgery (CSRF) Vulnerability
Medium
CVE-2009-4077
Roundcube Cross-Site Request Forgery (CSRF) Vulnerability
Medium
CVE-2015-8793
Roundcube Cross-site Scripting (XSS) Vulnerability
Medium
CVE-2015-8864
Roundcube Cross-site Scripting (XSS) Vulnerability
Medium
CVE-2016-4068
Roundcube Cross-site Scripting (XSS) Vulnerability
Medium
CVE-2019-10740
Roundcube Unspesificed Vulnerability
Medium
CVE-2020-16145
Roundcube Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability
Medium
CVE-2020-15562
Roundcube Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability
Medium
CVE-2020-13965
Roundcube Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability
Medium
CVE-2020-13964
Roundcube Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability
Medium
CVE-2020-12626
Roundcube Cross-Site Request Forgery (CSRF) Vulnerability
Medium
CVE-2020-12625
Roundcube Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability
Medium
CVE-2015-5382
Roundcube Exposure of Sensitive Information to an Unauthorized Actor Vulnerability
Medium
CVE-2015-5381
Roundcube Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability
Medium
CVE-2013-1904
Roundcube Improper Limitation of a Pathname to a Restricted Directory (Path Traversal) Vulnerability
Medium
CVE-2013-5645
Roundcube Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability
Medium
CVE-2012-6121
Roundcube Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability
Medium
CVE-2012-4668
Roundcube Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability
Medium
CVE-2012-3508
Roundcube Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability
Medium
CVE-2011-4078
Roundcube Resource Management Errors Vulnerability
Medium
CVE-2015-1433
Roundcube Cross-site Scripting (XSS) Vulnerability
Medium
CVE-2011-1492
Roundcube Improper Input Validation Vulnerability
Medium
CVE-2010-0464
Roundcube Exposure of Sensitive Information to an Unauthorized Actor Vulnerability
Medium