CVE-2020-16145: XSS via crafted email in roundcube < 1.4.8
Bug #1891866 reported by
quazgar
This bug affects 2 people
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
roundcube (Ubuntu) |
Confirmed
|
Undecided
|
Unassigned |
Bug Description
https:/
# Description #
Roundcube Webmail before 1.4.8 allows stored XSS in HTML messages during message display via a crafted SVG document.
To post a comment you must log in.
Fixed in 1.3.15 https:/ /github. com/roundcube/ roundcubemail/ blob/release- 1.3/CHANGELOG