Description
rcube_utils.php in Roundcube before 1.1.8 and 1.2.x before 1.2.4 is susceptible to a cross-site scripting vulnerability via a crafted Cascading Style Sheets (CSS) token sequence within an SVG element.
No analysis available yet.
Remediation
No remediation available yet.
Tracking
Sign in to view the affected projects.
Advisories
| Source | ID | Title |
|---|---|---|
Debian DLA |
DLA-855-1 | roundcube security update |
EUVD |
EUVD-2017-15874 | rcube_utils.php in Roundcube before 1.1.8 and 1.2.x before 1.2.4 is susceptible to a cross-site scripting vulnerability via a crafted Cascading Style Sheets (CSS) token sequence within an SVG element. |
Ubuntu USN |
USN-8132-1 | Roundcube Webmail vulnerabilities |
References
History
No history.
Status: PUBLISHED
Assigner: mitre
Published:
Updated: 2024-08-05T15:41:17.592Z
Reserved: 2017-03-11T00:00:00.000Z
Link: CVE-2017-6820
No data.
Status : Modified
Published: 2017-03-12T05:59:00.277
Modified: 2026-06-17T01:23:10.103
Link: CVE-2017-6820
No data.
OpenCVE Enrichment
No data.
Weaknesses
-
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Debian DLA
EUVD
Ubuntu USN