Home
HIGH: 7.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:NDefault status
unaffected
Any version before 1.5.12
affected
1.6.0 (semver) before 1.6.12
affected
Description
Roundcube Webmail before 1.5.12 and 1.6 before 1.6.12 is prone to a Cross-Site-Scripting (XSS) vulnerability via the animate tag in an SVG document.
Problem types
CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')
Product status
Any version before 1.5.12
1.6.0 (semver) before 1.6.12
References
roundcube.net/...25/12/13/security-updates-1.6.12-and-1.5.12
github.com/...ommit/bfa032631c36b900e7444dfa278340b33cbf7cdb
Data based on CVE®. Copyright © 1999-2025, The MITRE Corporation. All rights reserved.
