Get a demo
100% Signal 0% Noise Invicti Logo - The Largest Dynamic Application Security Solutions Provider In The World Get a demo

Email

Roundcube

Roundcube - Free webmail for the masses. Roundcube webmail is a browser-based multilingual IMAP client with an application-like user interface. It provides full functionality you expect from an e-mail client including MIME support address book folder manipulation message searching and spell checking.

Official Site:

https://roundcube.net/

Severity Summary:

Critical: 5 High: 12 Medium: 38 Low: 4
Reference
Title
Severity
CVE-2020-12641
Roundcube Improper Neutralization of Argument Delimiters in a Command (Argument Injection) Vulnerability
Critical
CVE-2024-42009
Roundcube Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability
Critical
CVE-2020-12640
Roundcube Improper Limitation of a Pathname to a Restricted Directory (Path Traversal) Vulnerability
Critical
CVE-2021-44026
Roundcube Improper Neutralization of Special Elements used in an SQL Command (SQL Injection) Vulnerability
Critical
CVE-2024-42008
Roundcube Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability
Critical
CVE-2017-8114
Roundcube Improper Privilege Management Vulnerability
High
CVE-2015-5383
Roundcube Exposure of Sensitive Information to an Unauthorized Actor Vulnerability
High
CVE-2018-19205
Roundcube Exposure of Sensitive Information to an Unauthorized Actor Vulnerability
High
CVE-2015-2181
Roundcube Multiple Buffer Overflow Vulnerabilities
High
CVE-2016-9920
Roundcube Improper Access Control Vulnerability
High
CVE-2017-16651
Roundcube Files or Directories Accessible to External Parties Vulnerability
High
CVE-2013-6172
Roundcube Improper Neutralization of Special Elements used in an SQL Command (SQL Injection) Vulnerability
High
CVE-2008-5620
Roundcube Resource Management Errors Vulnerability
High
CVE-2018-9846
Roundcube Unspesificed Vulnerability
High
CVE-2018-1000071
Roundcube Unspesificed Vulnerability
High
CVE-2016-4069
Roundcube Cross-site Request Forgery (CSRF) Vulnerability
High
CVE-2019-15237
Roundcube Unspesificed Vulnerability
High
CVE-2009-4076
Roundcube Cross-Site Request Forgery (CSRF) Vulnerability
Medium
CVE-2021-26925
Roundcube Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability
Medium
CVE-2020-35730
Roundcube Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability
Medium
CVE-2018-19206
Roundcube Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability
Medium
CVE-2009-0413
Roundcube Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability
Medium
CVE-2014-9587
Roundcube Multiple Cross-site Request Forgery (CSRF) Vulnerabilities
Medium
CVE-2020-18671
Roundcube Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability
Medium
CVE-2020-18670
Roundcube Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability
Medium
CVE-2021-44025
Roundcube Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability
Medium
CVE-2021-46144
Roundcube Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability
Medium
CVE-2010-0464
Roundcube Exposure of Sensitive Information to an Unauthorized Actor Vulnerability
Medium
CVE-2017-6820
Roundcube Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability
Medium
CVE-2023-43770
Roundcube Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability
Medium