First published: Sun Jan 02 2022
Roundcube before 1.4.13 and 1.5.x before 1.5.2 allows XSS via an HTML e-mail message with crafted Cascading Style Sheets (CSS) token sequences.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
debian/roundcube | 1.3.17+dfsg.1-1~deb10u2 1.3.17+dfsg.1-1~deb10u3 1.4.14+dfsg.1-1~deb11u1 1.4.13+dfsg.1-1~deb11u1 1.6.3+dfsg-1~deb12u1 1.6.4+dfsg-1 | |
Roundcube Roundcube | <1.4.13 | |
Roundcube Roundcube | >=1.5.0 <1.5.2 | |
Debian Debian Linux | =9.0 | |
Debian Debian Linux | =10.0 | |
Debian Debian Linux | =11.0 | |
debian/roundcube | <=1.4.12+dfsg.1-1~deb11u1 <=1.5.1+dfsg-1 <=1.3.17+dfsg.1-1~deb10u1 <=1.3.0+dfsg.1-1 | 1.4.13+dfsg.1-1~deb11u1 1.3.17+dfsg.1-1~deb10u2 1.6~beta+dfsg-1 |
CVE-2021-46144 is a vulnerability in Roundcube before version 1.4.13 and 1.5.x before 1.5.2 that allows XSS via an HTML e-mail message with crafted Cascading Style Sheets (CSS) token sequences.
CVE-2021-46144 has a severity rating of 6.1 (medium).
The vulnerability affects Roundcube versions before 1.4.13 and 1.5.x before 1.5.2.
To fix the vulnerability, upgrade Roundcube to version 1.4.13 or 1.5.2.
You can find more information about CVE-2021-46144 at the following references: [link1], [link2], [link3].