Vulnerability CVE-2020-16145: Information
Description
Roundcube Webmail before 1.3.15 and 1.4.8 allows stored XSS in HTML messages during message display via a crafted SVG document. This issue has been fixed in 1.4.8 and 1.3.15.
Severity: MEDIUM (6.1) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Fixed packages
Package name | Branch | Fixed in version | Version from repository | Errata ID | Task # | State |
---|---|---|---|---|---|---|
roundcube | sisyphus | 1.4-alt1 | 1.6.5-alt1 | ALT-PU-2019-3109-1 | 240511 | Fixed |
roundcube | p10 | 1.4-alt1 | 1.4.11-alt2 | ALT-PU-2019-3109-1 | 240511 | Fixed |
roundcube | p9 | 1.4.8-alt1 | 1.4.10-alt1 | ALT-PU-2020-2554-1 | 256155 | Fixed |
roundcube | c10f1 | 1.4-alt1 | 1.4.11-alt2 | ALT-PU-2019-3109-1 | 240511 | Fixed |
roundcube | c9f2 | 1.4.8-alt1 | 1.4.8-alt1 | ALT-PU-2020-2554-1 | 256155 | Fixed |
References to Advisories, Solutions, and Tools
Hyperlink | Resource |
---|---|
https://github.com/roundcube/roundcubemail/commit/a71bf2e8d4a64ff2c83fdabc1e8cb0c045a41ef4 |
|
https://github.com/roundcube/roundcubemail/releases/tag/1.4.8 |
|
https://github.com/roundcube/roundcubemail/releases/tag/1.3.15 |
|
https://github.com/roundcube/roundcubemail/commit/d44ca2308a96576b88d6bf27528964d4fe1a6b8b#diff-d3bb3391c79904494c60ee2ac2f33070 |
|
openSUSE-SU-2020:1516 |
|
FEDORA-2020-d0f8f20cfc | |
FEDORA-2020-b1e023936e |