logo

CVE-2020-35730 - Roundcube Webmail Cross-Site Scripting (XSS) Vulnerability

CVE-2020-35730

Roundcube | Roundcube Webmail

  • Date Added:
  • 2023-06-22
  • Due Date:
  • 2023-07-13
Vulnerability Name

Roundcube Webmail Cross-Site Scripting (XSS) Vulnerability

Description

Roundcube Webmail contains a cross-site scripting (XSS) vulnerability that allows an attacker to send a plain text e-mail message with Javascript in a link reference element that is mishandled by linkref_addinindex in rcube_string_replacer.php.

Known To Be Used in Ransomware Campaigns?

Unknown

Action

Apply updates per vendor instructions.

Additional Notes
https://roundcube.net/news/2020/12/27/security-updates-1.4.10-1.3.16-and-1.2.13; https://nvd.nist.gov/vuln/detail/CVE-2020-35730
Related News Articles

Free online web security scanner