CVE-2024-57004Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) in Webmail

CWE-80Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)5 documents5 sources
Severity
6.1MEDIUMNVD
EPSS
3.1%
top 13.10%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Roundcube Webmail
Timeline
PublishedFeb 3

Description

Cross-Site Scripting (XSS) vulnerability in Roundcube Webmail 1.6.9 allows remote authenticated users to upload a malicious file as an email attachment, leading to the triggering of the XSS by visiting the SENT session.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.7

Affected Packages1 packages

🔴Vulnerability Details

3
OSV
CVE-2024-57004: Cross-Site Scripting (XSS) vulnerability in Roundcube Webmail 12025-02-03
GHSA
GHSA-36j9-fp7f-7f7m: Cross-Site Scripting (XSS) vulnerability in Roundcube Webmail 12025-02-03
CVEList
CVE-2024-57004: Cross-Site Scripting (XSS) vulnerability in Roundcube Webmail 12025-02-03

📋Vendor Advisories

1
Debian
CVE-2024-57004: roundcube - Cross-Site Scripting (XSS) vulnerability in Roundcube Webmail 1.6.9 allows remot...2024
CVE-2024-57004 — Roundcube Webmail vulnerability | cvebase