Home
Packages
Forums
Wiki
GitLab
Security
AUR
Download

issues
advisories
todo
stats
log
login

CVE-2021-26925 - log back

CVE-2021-26925 edited at 09 Feb 2021 16:42:53

Severity

-	Unknown
+	High

Remote

-	Unknown
+	Remote

Type

-	Unknown
+	Cross-site scripting

Description

+	Roundcube before 1.4.11 allows cross-site scripting (XSS) via crafted Cascading Style Sheets (CSS) token sequences during HTML email rendering.

References

+	https://roundcube.net/news/2021/02/08/security-update-1.4.11
+	https://github.com/roundcube/roundcubemail/commit/9dc276d5f26042db02754fa1bac6fbd683c6d596

Notes

CVE-2021-26925 created at 09 Feb 2021 16:41:36