FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

Roundcube -- Multiple vulnerabilities

Affected packages
roundcube < 1.6.8,1

Details

VuXML ID 5776cc4f-5717-11ef-b611-84a93843eb75
Discovery 2024-08-04
Entry 2024-08-10

The Roundcube project reports:

XSS vulnerability in post-processing of sanitized HTML content [CVE-2024-42009]

XSS vulnerability in serving of attachments other than HTML or SVG [CVE-2024-42008]

information leak (access to remote content) via insufficient CSS filtering [CVE-2024-42010]

[source]

References

CVE Name CVE-2024-42008
CVE Name CVE-2024-42009
CVE Name CVE-2024-42010
URL https://roundcube.net/news/2024/08/04/security-updates-1.6.8-and-1.5.8

Copyright © 2003-2005 Jacques Vidrine and contributors.
Please see the source of this document for full copyright information.