ALT-PU-2016-1365-1
Closed vulnerabilities
Published: 2017-04-13
Modified: 2025-04-20
Modified: 2025-04-20
CVE-2015-8864
Cross-site scripting (XSS) vulnerability in Roundcube Webmail before 1.0.9 and 1.1.x before 1.1.5 allows remote attackers to inject arbitrary web script or HTML via a crafted SVG, a different vulnerability than CVE-2016-4068.
Severity: MEDIUM (4.3)
Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
Severity: MEDIUM (6.1)
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
References:
- http://lists.opensuse.org/opensuse-updates/2016-08/msg00078.html
- http://lists.opensuse.org/opensuse-updates/2016-08/msg00079.html
- http://lists.opensuse.org/opensuse-updates/2016-08/msg00095.html
- https://github.com/roundcube/roundcubemail/commit/40d7342dd9c9bd2a1d613edc848ed95a4d71aa18
- https://github.com/roundcube/roundcubemail/issues/4949
- https://github.com/roundcube/roundcubemail/releases/tag/1.0.9
- https://github.com/roundcube/roundcubemail/releases/tag/1.1.5
- https://github.com/roundcube/roundcubemail/wiki/Changelog#release-115
- http://lists.opensuse.org/opensuse-updates/2016-08/msg00078.html
- http://lists.opensuse.org/opensuse-updates/2016-08/msg00079.html
- http://lists.opensuse.org/opensuse-updates/2016-08/msg00095.html
- https://github.com/roundcube/roundcubemail/commit/40d7342dd9c9bd2a1d613edc848ed95a4d71aa18
- https://github.com/roundcube/roundcubemail/issues/4949
- https://github.com/roundcube/roundcubemail/releases/tag/1.0.9
- https://github.com/roundcube/roundcubemail/releases/tag/1.1.5
- https://github.com/roundcube/roundcubemail/wiki/Changelog#release-115
Published: 2017-04-13
Modified: 2025-04-20
Modified: 2025-04-20
CVE-2016-4068
Cross-site scripting (XSS) vulnerability in Roundcube Webmail before 1.0.9 and 1.1.x before 1.1.5 allows remote attackers to inject arbitrary web script or HTML via a crafted SVG, a different vulnerability than CVE-2015-8864.
Severity: MEDIUM (4.3)
Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
Severity: MEDIUM (6.1)
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
References:
- http://lists.opensuse.org/opensuse-updates/2016-08/msg00078.html
- http://lists.opensuse.org/opensuse-updates/2016-08/msg00079.html
- http://lists.opensuse.org/opensuse-updates/2016-08/msg00095.html
- https://github.com/roundcube/roundcubemail/commit/40d7342dd9c9bd2a1d613edc848ed95a4d71aa18#commitcomment-15294218
- https://github.com/roundcube/roundcubemail/issues/4949
- https://github.com/roundcube/roundcubemail/releases/tag/1.0.9
- https://github.com/roundcube/roundcubemail/releases/tag/1.1.5
- https://github.com/roundcube/roundcubemail/wiki/Changelog#release-115
- http://lists.opensuse.org/opensuse-updates/2016-08/msg00078.html
- http://lists.opensuse.org/opensuse-updates/2016-08/msg00079.html
- http://lists.opensuse.org/opensuse-updates/2016-08/msg00095.html
- https://github.com/roundcube/roundcubemail/commit/40d7342dd9c9bd2a1d613edc848ed95a4d71aa18#commitcomment-15294218
- https://github.com/roundcube/roundcubemail/issues/4949
- https://github.com/roundcube/roundcubemail/releases/tag/1.0.9
- https://github.com/roundcube/roundcubemail/releases/tag/1.1.5
- https://github.com/roundcube/roundcubemail/wiki/Changelog#release-115
Published: 2016-08-25
Modified: 2025-04-12
Modified: 2025-04-12
CVE-2016-4069
Cross-site request forgery (CSRF) vulnerability in Roundcube Webmail before 1.1.5 allows remote attackers to hijack the authentication of users for requests that download attachments and cause a denial of service (disk consumption) via unspecified vectors.
Severity: MEDIUM (6.8)
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Severity: HIGH (8.8)
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
References:
- http://lists.opensuse.org/opensuse-updates/2016-08/msg00079.html
- http://www.openwall.com/lists/oss-security/2016/04/23/4
- http://www.securityfocus.com/bid/92654
- https://github.com/roundcube/roundcubemail/commit/4a408843b0ef816daf70a472a02b78cd6073a4d5
- https://github.com/roundcube/roundcubemail/commit/699af1e5206ed9114322adaa3c25c1c969640a53
- https://github.com/roundcube/roundcubemail/issues/4957
- https://github.com/roundcube/roundcubemail/releases/tag/1.1.5
- https://github.com/roundcube/roundcubemail/wiki/Changelog#release-115
- http://lists.opensuse.org/opensuse-updates/2016-08/msg00079.html
- http://www.openwall.com/lists/oss-security/2016/04/23/4
- http://www.securityfocus.com/bid/92654
- https://github.com/roundcube/roundcubemail/commit/4a408843b0ef816daf70a472a02b78cd6073a4d5
- https://github.com/roundcube/roundcubemail/commit/699af1e5206ed9114322adaa3c25c1c969640a53
- https://github.com/roundcube/roundcubemail/issues/4957
- https://github.com/roundcube/roundcubemail/releases/tag/1.1.5
- https://github.com/roundcube/roundcubemail/wiki/Changelog#release-115