Web Application Vulnerabilities Runtime SCA Findings
Looking for the vulnerability index of Invicti's legacy products?
Invicti Enterprise Acunetix Standard & Premium

Email

Roundcube

Roundcube - Free webmail for the masses. Roundcube webmail is a browser-based multilingual IMAP client with an application-like user interface. It provides full functionality you expect from an e-mail client including MIME support address book folder manipulation message searching and spell checking.

Official Site:

https://roundcube.net/

Severity Summary:

Critical: 6 High: 16 Medium: 47 Low: 5
Reference
Title
Severity
CVE-2026-35540
Roundcube Incorrect Resource Transfer Between Spheres Vulnerability
Medium
CVE-2024-37384
Roundcube Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability
Medium
CVE-2026-35541
Roundcube Access of Resource Using Incompatible Type (Type Confusion) Vulnerability
Medium
CVE-2023-43770
Roundcube Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability
Medium
CVE-2026-35543
Roundcube Incorrect Resource Transfer Between Spheres Vulnerability
Medium
CVE-2023-47272
Roundcube Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability
Medium
CVE-2025-68461
Roundcube Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability
Medium
CVE-2024-57004
Roundcube Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) Vulnerability
Medium
CVE-2018-19206
Roundcube Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability
Medium
CVE-2024-37383
Roundcube Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability
Medium
CVE-2023-5631
Roundcube Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability
Medium
CVE-2014-9587
Roundcube Multiple Cross-site Request Forgery (CSRF) Vulnerabilities
Medium
CVE-2020-35730
Roundcube Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability
Medium
CVE-2021-26925
Roundcube Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability
Medium
CVE-2015-8793
Roundcube Cross-site Scripting (XSS) Vulnerability
Medium
CVE-2015-8864
Roundcube Cross-site Scripting (XSS) Vulnerability
Medium
CVE-2016-4068
Roundcube Cross-site Scripting (XSS) Vulnerability
Medium
CVE-2019-10740
Roundcube Unspesificed Vulnerability
Medium
CVE-2020-16145
Roundcube Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability
Medium
CVE-2020-15562
Roundcube Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability
Medium
CVE-2020-13965
Roundcube Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability
Medium
CVE-2020-13964
Roundcube Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability
Medium
CVE-2020-12626
Roundcube Cross-Site Request Forgery (CSRF) Vulnerability
Medium
CVE-2020-12625
Roundcube Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability
Medium
CVE-2015-5382
Roundcube Exposure of Sensitive Information to an Unauthorized Actor Vulnerability
Medium
CVE-2015-5381
Roundcube Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability
Medium
CVE-2013-1904
Roundcube Improper Limitation of a Pathname to a Restricted Directory (Path Traversal) Vulnerability
Medium
CVE-2013-5645
Roundcube Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability
Medium
CVE-2012-6121
Roundcube Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability
Medium
CVE-2009-0413
Roundcube Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability
Medium