CVE-2020-16145

Published August 12th, 2020

View on NVD ↗

CVSS v3

6.1

MEDIUM

CVSS v2

4.3

MEDIUM

Affected

PROJECT

Description

Roundcube Webmail before 1.3.15 and 1.4.8 allows stored XSS in HTML messages during message display via a crafted SVG document. This issue has been fixed in 1.4.8 and 1.3.15.

roundcube/roundcubemail

The Roundcube Webmail suite

GitHub