First published: Mon Aug 05 2024
A Cross-Site Scripting vulnerability in Roundcube through 1.5.7 and 1.6.x through 1.6.7 allows a remote attacker to steal and send emails of a victim via a crafted e-mail message that abuses a Desanitization issue in message_body() in program/actions/mail/show.php.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Roundcube Webmail | <1.5.8 | |
Roundcube Webmail | >=1.6.0, <1.6.8 | |
CVE-2024-42009 is considered a critical severity vulnerability due to its potential impact on user data privacy.
To fix CVE-2024-42009, upgrade to Roundcube version 1.5.8 or 1.6.8 and later.
CVE-2024-42009 is a Cross-Site Scripting vulnerability that allows remote attackers to exploit Desanitization issues.
CVE-2024-42009 affects Roundcube versions prior to 1.5.8 and 1.6.0 through 1.6.7.
Yes, CVE-2024-42009 can enable attackers to steal sensitive information by executing scripts in a victim's browser.