CVE-2020-35730 - Roundcube Webmail Cross-Site Scripting (XSS) Vulnerability

: Roundcube | Roundcube Webmail

Date Added:
2023-06-22

Due Date:
2023-07-13

Vulnerability Name: Roundcube Webmail Cross-Site Scripting (XSS) Vulnerability

Description: Roundcube Webmail contains a cross-site scripting (XSS) vulnerability that allows an attacker to send a plain text e-mail message with Javascript in a link reference element that is mishandled by linkref_addinindex in rcube_string_replacer.php.

Known To Be Used in Ransomware Campaigns?: Unknown

Action: Apply updates per vendor instructions.

Additional Notes: https://roundcube.net/news/2020/12/27/security-updates-1.4.10-1.3.16-and-1.2.13; https://nvd.nist.gov/vuln/detail/CVE-2020-35730

Related News Articles: Roundcube flaws allow easy email account compromise (CVE-2024-42009, CVE-2024-42008)August 7, 2024

Free online web security scanner

Don't show website scan report rating on the leaderboard