First published: Sun Nov 05 2023
Last updated 24 July 2024
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
debian/roundcube | <=1.6.4+dfsg-1, <=1.6.4+dfsg-1~deb12u1, <=1.4.15+dfsg.1-1~deb11u1 | 1.6.5+dfsg-1, 1.6.5+dfsg-1~deb12u1, 1.4.15+dfsg.1-1~deb11u2 |
Roundcube Webmail | >=1.5.0 <1.5.6 | |
Roundcube Webmail | >=1.6.0 <1.6.5 | |
Fedoraproject Fedora | =37 | |
Fedoraproject Fedora | =38 | |
Fedoraproject Fedora | =39 | |
Debian Debian Linux | =10.0 | |
Debian Debian Linux | =11.0 | |
Debian Debian Linux | =12.0 | |
debian/roundcube | 1.4.15+dfsg.1-1+deb11u4, 1.6.5+dfsg-1+deb12u4, 1.6.9+dfsg-1 | |
The vulnerability ID is CVE-2023-47272.
The title of the vulnerability is Roundcube 1.5.x before 1.5.6 and 1.6.x before 1.6.5 allows XSS via a Content-Type or Content-Disposition header.
The severity of CVE-2023-47272 is medium with a severity value of 6.1.
Roundcube Webmail versions 1.5.x before 1.5.6 and 1.6.x before 1.6.5 are affected by CVE-2023-47272.
To fix CVE-2023-47272, it is recommended to update to Roundcube Webmail versions 1.5.6 or 1.6.5.