First published: Thu Jun 24 2021(Updated: )
Cross Site Scripting (XSS) vulneraibility in Roundcube mail .4.4 via database host and user in /installer/test.php.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Roundcube Webmail | =1.4.4 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The vulnerability ID for this Cross Site Scripting (XSS) vulnerability is CVE-2020-18670.
The severity of CVE-2020-18670 is medium with a severity value of 5.4.
Roundcube Webmail version 1.4.4 is affected by CVE-2020-18670.
We do not provide information or support for exploiting vulnerabilities.
Update Roundcube Webmail to version 1.4.5 or 1.3.12 as recommended by the Roundcube project.