---

CVE-2020-35730 - log back

CVE-2020-35730 edited at 28 Dec 2020 22:21:19

Description

- A security issue was found in Roundcube Webmail before version 1.4.10, 1.3.16 and 1.2.13. HTML or plain text messages with malicious content could be used to perform a stored cross-site scripting attack. + A security issue was found in Roundcube Webmail before version 1.4.10, 1.3.16 and 1.2.13. linkref_addindex in rcube_string_replacer.php allowed performing a stored cross-site scripting attack using a crafted HTML or plain text email message.

CVE-2020-35730 edited at 28 Dec 2020 08:44:18
Severity	- Unknown + High
Remote	- Unknown + Remote
Type	- Unknown + Cross-site scripting
Description	+ A security issue was found in Roundcube Webmail before version 1.4.10, 1.3.16 and 1.2.13. HTML or plain text messages with malicious content could be used to perform a stored cross-site scripting attack.
References	+ https://github.com/roundcube/roundcubemail/releases/tag/1.4.10 + https://github.com/roundcube/roundcubemail/commit/0bceba301aa621ecc0263eac17beee2a4cef0c6d
Notes

CVE-2020-35730 created at 28 Dec 2020 08:38:59