Bug#978491: roundcube: CVE-2020-35730: XSS vulnerability via malious HTML or plaintext messages

Guilhem Moulin Sun, 27 Dec 2020 16:33:15 -0800

Source: roundcube
Severity: important
Tags: security
Control: found -1 1.4.9+dfsg.1-1
Control: found -1 1.3.15+dfsg.1-1~deb10u1
Control: found -1 1.2.3+dfsg.1-4+deb9u7


In a recent post roundcube webmail upstream has announced the following
security fix:

    Cross-site scripting (XSS) via HTML or Plain text messages with
    malicious content (CVE-2020-35730)

1.2.x, 1.3.x and 1.4.x branches are affected.  Upstream fix:

    1.4.x 
https://github.com/roundcube/roundcubemail/commit/0bceba301aa621ecc0263eac17beee2a4cef0c6d
    1.3.x 
https://github.com/roundcube/roundcubemail/commit/a06ec1dcf9c972d302b16e1ac6aa079a4f6a1c3e
    1.2.x 
https://github.com/roundcube/roundcubemail/commit/47e4d44f62ea16f923761d57f1773a66d51afad4

-- 
Guilhem.

signature.asc
Description: PGP signature

Bug#978491: roundcube: CVE-2020-35730: XSS vulnerability via malious HTML or plaintext messages

Reply via email to