CVE-2020-13965

Published
View on NVD ↗
CVSS v3
6.1
MEDIUM
CVSS v2
4.3
MEDIUM
Affected
2
PROJECTS

Description

An issue was discovered in Roundcube Webmail before 1.3.12 and 1.4.x before 1.4.5. There is XSS via a malicious XML attachment because text/xml is among the allowed types for a preview.

DrunkenShells/Disclosures
DrunkenShells/Disclosures
Public Disclosures
GitHubGitHub
92
roundcube/roundcubemail
roundcube/roundcubemail
The Roundcube Webmail suite
GitHubGitHub
7K