roundcubemail

Link package | bugs open | bugs closed | Wiki | GitHub | web search
Description A PHP web-based mail client
Version 1.3.4-1 [community]

Resolved

Group Affected Fixed Severity Status Ticket
AVG-506 1.3.2-1 1.3.3-1 High Fixed
AVG-199 1.2.3-1 1.2.4-1 Medium Fixed
Issue Group Severity Remote Type Description
CVE-2017-6820 AVG-199 Medium Yes Cross-site scripting
It has been discovered that rcube_utils.php in Roundcube before 1.1.8 and before 1.2.4 is susceptible to a cross-site scripting vulnerability via a crafted...
CVE-2017-16651 AVG-506 High Yes Arbitrary filesystem access
Roundcube Webmail 1.3.x before 1.3.3 allows unauthorized access to arbitrary files on the host's filesystem, including configuration files, as exploited in...

Advisories

Date Advisory Group Severity Description
21 Nov 2017 ASA-201711-27 AVG-506 High arbitrary filesystem access
14 Mar 2017 ASA-201703-10 AVG-199 Medium cross-site scripting