CVE-2021-26925 log
| Source |
|
| Severity | High |
| Remote | Yes |
| Type | Cross-site scripting |
| Description | Roundcube before 1.4.11 allows cross-site scripting (XSS) via crafted Cascading Style Sheets (CSS) token sequences during HTML email rendering. |
| Group | Package | Affected | Fixed | Severity | Status | Ticket |
|---|---|---|---|---|---|---|
| AVG-1551 | roundcubemail | 1.4.10-2 | 1.4.11-1 | High | Fixed |
| Date | Advisory | Group | Package | Severity | Type |
|---|---|---|---|---|---|
| 12 Feb 2021 | ASA-202102-27 | AVG-1551 | roundcubemail | High | cross-site scripting |
| References |
|---|
https://roundcube.net/news/2021/02/08/security-update-1.4.11 https://github.com/roundcube/roundcubemail/commit/9dc276d5f26042db02754fa1bac6fbd683c6d596 |