CVE-2015-1433
published 2015-02-03

Priority: P421, medium, 4.3 (CVSS 2.0)
Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
EPSS: 3.28% (86.9th percentile)

program/lib/Roundcube/rcube_washtml.php in Roundcube before 1.0.5 does not properly quote strings, which allows remote attackers to conduct cross-site scripting (XSS) attacks via the style attribute in an email.

Affected

3 ranges

Vendor | Product | Version range | Fixed in
debian | roundcube | < roundcube 0.9.5+dfsg1-4.2 (bookworm) | roundcube 0.9.5+dfsg1-4.2 (bookworm)
fedoraproject | fedora | |
roundcube | webmail | <= 1.0.4 |

CVSS provenance

nvd: v2.0, 4.3 MEDIUM, AV:N/AC:M/Au:N/C:N/I:P/A:N
osv: 4.3 MEDIUM
vendor_debian: 4.3 LOW