
CVE-2018-19206: Update 1.3.8 released

steps/mail/func.inc in Roundcube before 1.3.8 has XSS via crafted use of <svg><style>, as demonstrated by an onload attribute in a BODY element, within an HTML attachment.


Published: 26 October 2018

Tags: releases, updates, security

We proudly announce the next service release to update the stable version 1.3.

It contains fixes to several bugs backported from the master branch including a security fix for a reported XSS vulnerability plus updates to ensure compatibility with PHP 7.3 and recent versions of Courier-IMAP, Dovecot and MySQL 8.

This release is considered stable and we recommend updating all productive installations of Roundcube with this version. Download it from roundcube.net.
