ALT-PU-2022-1073-1
Closed vulnerabilities
Published: 2021-12-29
BDU:2022-05555
Vulnerability in the Roundcube mail client related to failure to take measures to protect the web page structure, allowing an attacker to conduct cross-site scripting attacks
Severity: MEDIUM (6.1)
Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Published: 2022-01-06
Modified: 2024-11-21
CVE-2021-46144
Roundcube before 1.4.13 and 1.5.x before 1.5.2 allows XSS via an HTML e-mail message with crafted Cascading Style Sheets (CSS) token sequences.
Severity: MEDIUM (6.1)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
References:
- https://bugs.debian.org/1003027
- https://github.com/roundcube/roundcubemail/commit/8894fddd59b770399eed4ef8d4da5773913b5bf0
- https://github.com/roundcube/roundcubemail/commit/b2400a4b592e3094b6c84e6000d512f99ae0eed8
- [debian-lts-announce] 20220112 [SECURITY] [DLA 2878-1] roundcube security update
- https://roundcube.net/news/2021/12/30/security-update-1.4.13-released
- https://roundcube.net/news/2021/12/30/update-1.5.2-released
- DSA-5037