Get a demo
100% Signal 0% Noise Invicti Logo - The Largest Dynamic Application Security Solutions Provider In The World Get a demo

Email

Roundcube

Roundcube - Free webmail for the masses. Roundcube webmail is a browser-based multilingual IMAP client with an application-like user interface. It provides full functionality you expect from an e-mail client including MIME support address book folder manipulation message searching and spell checking.

Official Site:

https://roundcube.net/

Severity Summary:

Critical: 5 High: 12 Medium: 38 Low: 4
Reference
Title
Severity
CVE-2023-5631
Roundcube Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability
Medium
CVE-2023-47272
Roundcube Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability
Medium
CVE-2009-4077
Roundcube Cross-Site Request Forgery (CSRF) Vulnerability
Medium
CVE-2024-37383
Roundcube Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability
Medium
CVE-2015-5382
Roundcube Exposure of Sensitive Information to an Unauthorized Actor Vulnerability
Medium
CVE-2011-1492
Roundcube Improper Input Validation Vulnerability
Medium
CVE-2016-4068
Roundcube Cross-site Scripting (XSS) Vulnerability
Medium
CVE-2019-10740
Roundcube Unspesificed Vulnerability
Medium
CVE-2020-16145
Roundcube Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability
Medium
CVE-2020-15562
Roundcube Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability
Medium
CVE-2020-13965
Roundcube Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability
Medium
CVE-2020-13964
Roundcube Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability
Medium
CVE-2020-12626
Roundcube Cross-Site Request Forgery (CSRF) Vulnerability
Medium
CVE-2020-12625
Roundcube Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability
Medium
CVE-2015-5381
Roundcube Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability
Medium
CVE-2015-8793
Roundcube Cross-site Scripting (XSS) Vulnerability
Medium
CVE-2013-1904
Roundcube Improper Limitation of a Pathname to a Restricted Directory (Path Traversal) Vulnerability
Medium
CVE-2013-5645
Roundcube Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability
Medium
CVE-2012-6121
Roundcube Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability
Medium
CVE-2012-4668
Roundcube Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability
Medium
CVE-2012-3508
Roundcube Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability
Medium
CVE-2015-1433
Roundcube Cross-site Scripting (XSS) Vulnerability
Medium
CVE-2011-4078
Roundcube Resource Management Errors Vulnerability
Medium
CVE-2011-2937
Roundcube Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability
Medium
CVE-2015-8864
Roundcube Cross-site Scripting (XSS) Vulnerability
Medium
CVE-2015-8105
Roundcube Cross-site Scripting (XSS) Vulnerability
Low
CVE-2011-1491
Roundcube Improper Input Validation Vulnerability
Low
CVE-2012-1253
Roundcube Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability
Low
CVE-2012-3507
Roundcube Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability
Low