CVE-2011-1492
published 2011-04-08

Priority: P428, medium, 5.5 (CVSS 2.0)
Vector: AV:N/AC:L/Au:S/C:P/I:P/A:N
EPSS: 1.76% (75.2th percentile)
steps/utils/modcss.inc in Roundcube Webmail before 0.5.1 does not properly verify that a request is an expected request for an external Cascading Style Sheets (CSS) stylesheet, which allows remote authenticated users to trigger arbitrary outbound TCP connections from the server, and possibly obtain sensitive information, via a crafted request.

Affected

12 ranges

| Vendor | Product | Version range | Fixed in |
| debian | roundcube | < roundcube 0.5.1-1 (bookworm) | roundcube 0.5.1-1 (bookworm) |
| roundcube | webmail | <= 0.5 | |
| roundcube | webmail | | |
| roundcube | webmail | | |
| roundcube | webmail | | |
| roundcube | webmail | | |
| roundcube | webmail | | |
| roundcube | webmail | | |
| roundcube | webmail | | |
| roundcube | webmail | | |
| roundcube | webmail | | |
| roundcube | webmail | | |

CVSS provenance

| Source | CVSS version | Score | Severity | Vector |
| nvd | v2.0 | 5.5 | MEDIUM | AV:N/AC:L/Au:S/C:P/I:P/A:N |
| osv | | 5.5 | MEDIUM | |
| vendor_debian | | 5.5 | MEDIUM | |