CVE-2020-35730 log
| Source |
|
| Severity | High |
| Remote | Yes |
| Type | Cross-site scripting |
| Description | A security issue was found in Roundcube Webmail before version 1.4.10, 1.3.16 and 1.2.13. linkref_addindex in rcube_string_replacer.php allowed performing a stored cross-site scripting attack using a crafted HTML or plain text email message. |
| Group | Package | Affected | Fixed | Severity | Status | Ticket |
|---|---|---|---|---|---|---|
| AVG-1388 | roundcubemail | 1.4.9-1 | 1.4.10-1 | High | Fixed | FS#69131 |
| Date | Advisory | Group | Package | Severity | Type |
|---|---|---|---|---|---|
| 04 Jan 2021 | ASA-202101-2 | AVG-1388 | roundcubemail | High | cross-site scripting |
| References |
|---|
https://github.com/roundcube/roundcubemail/releases/tag/1.4.10 https://github.com/roundcube/roundcubemail/commit/0bceba301aa621ecc0263eac17beee2a4cef0c6d |