Description
Roundcube Webmail before 1.5.7 and 1.6.x before 1.6.7 allows XSS via list columns from user preferences.
Published: 2024-06-07
Score: 6.1 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

No analysis available yet.

Remediation

No remediation available yet.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
Debian DLA Debian DLA DLA-3835-1 roundcube security update
Debian DSA Debian DSA DSA-5714-1 roundcube security update
Ubuntu USN Ubuntu USN USN-6848-1 Roundcube vulnerabilities
History

Wed, 16 Jul 2025 13:45:00 +0000

Type Values Removed Values Added
Metrics epss

{'score': 0.00217}

 epss

{'score': 0.00183}

Thu, 01 May 2025 21:15:00 +0000

Type Values Removed Values Added
First Time appeared Debian
Debian debian Linux
Roundcube webmail
CPEs cpe:2.3:a:roundcube:webmail:*:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
Vendors & Products Debian
Debian debian Linux
Roundcube webmail

Mon, 04 Nov 2024 17:15:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 6.1, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N'}

Subscriptions

Debian Debian Linux
Roundcube Roundcube Webmail Webmail
cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published:

Updated: 2024-11-04T16:24:03.779Z

Reserved: 2024-06-07T00:00:00.000Z

Link: CVE-2024-37384

cve-icon Vulnrichment

Updated: 2024-08-02T03:50:56.175Z

cve-icon NVD

Status : Analyzed

Published: 2024-06-07T04:15:30.597

Modified: 2025-05-01T19:51:01.563

Link: CVE-2024-37384

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

No data.

Weaknesses