roundcube vulnerabilities

Direct Vulnerabilities

Known vulnerabilities in the roundcube package. This does not include vulnerabilities belonging to this package’s dependencies.

Fix vulnerabilities automatically

Snyk's AI Trust Platform automatically finds the best upgrade path and integrates with your development workflows. Secure your code at zero cost.

Fix for free

Vulnerability	Vulnerable Version
M Cross-site Scripting (XSS)	<1.2.3+dfsg.1-4+deb9u10
C SQL Injection	<1.2.3+dfsg.1-4+deb9u9
M Cross-site Scripting (XSS)	<1.2.3+dfsg.1-4+deb9u9
L Cross-site Scripting (XSS)	*
L Cross-site Scripting (XSS)	*
M Cross-site Scripting (XSS)	<1.2.3+dfsg.1-4+deb9u8
M Cross-site Scripting (XSS)	<1.2.3+dfsg.1-4+deb9u7
M Cross-site Scripting (XSS)	<1.2.3+dfsg.1-4+deb9u6
M Cross-site Scripting (XSS)	<1.2.3+dfsg.1-4+deb9u5
M Cross-site Scripting (XSS)	<1.2.3+dfsg.1-4+deb9u5
L Arbitrary Argument Injection	*
L Directory Traversal	*
M Cross-site Request Forgery (CSRF)	<1.2.3+dfsg.1-4+deb9u4
M Cross-site Scripting (XSS)	<1.2.3+dfsg.1-4+deb9u4
L CVE-2019-15237	*
M CVE-2019-10740	*
M Cross-site Scripting (XSS)	<1.2.3+dfsg.1-4+deb9u3
H Information Exposure	*
H Improper Input Validation	<1.2.3+dfsg.1-4+deb9u2
H Incorrect Permission Assignment for Critical Resource	<1.2.3+dfsg.1-4+deb9u2
H Files or Directories Accessible to External Parties	<1.2.3+dfsg.1-4+deb9u1
M Cross-site Scripting (XSS)	<1.1.2+dfsg.1-1
M Information Exposure	<1.1.2+dfsg.1-1
H Improper Privilege Management	<1.2.3+dfsg.1-4
M Cross-site Scripting (XSS)	<1.1.5+dfsg.1-1
M Cross-site Scripting (XSS)	<1.2.1+dfsg.1-1
M Cross-site Scripting (XSS)	<1.2.3+dfsg.1-3
H Out-of-Bounds	<1.1.1+dfsg.1-2
H Arbitrary Code Injection	<1.1.1+dfsg.1-2
M Cross-site Scripting (XSS)	<1.2.0+dfsg.1-1
H Improper Access Control	<1.2.3+dfsg.1-1
H Cross-site Request Forgery (CSRF)	<1.1.5+dfsg.1-1
M Cross-site Scripting (XSS)	<1.1.2+dfsg.1-1
M Directory Traversal	<1.1.2+dfsg.1-1
H Directory Traversal	<1.1.4+dfsg.1-1
L Cross-site Scripting (XSS)	<1.1.3+dfsg.1-1
L Cross-site Scripting (XSS)	<0.9.5+dfsg1-4.2
M Cross-site Request Forgery (CSRF)	<1.1.1+dfsg.1-2
M Directory Traversal	<0.7.2-9
H SQL Injection	<0.9.4-1.1
M Cross-site Scripting (XSS)	<0.9.4-1
M Cross-site Scripting (XSS)	<0.7.2-4
M Cross-site Scripting (XSS)	<0.7.2-4
L Cross-site Scripting (XSS)	<0.7-1
M Resource Management Errors	<0.6+dfsg-1
L Cross-site Scripting (XSS)	<0.5.4+dfsg-1
L Improper Input Validation	<0.5.1-1
M Improper Input Validation	<0.5.1-1
M Information Exposure	<0.3.1-3
M Cross-site Request Forgery (CSRF)	<0.3-1
M Cross-site Request Forgery (CSRF)	<0.3-1
L Cross-site Scripting (XSS)	<0.2~stable-1
L Resource Management Errors	<0.1.1-10
H Arbitrary Code Injection	<0.1.1-9
L Cross-site Scripting (XSS)	<0.1~rc2-6

Vulnerability

Vulnerable Version

Cross-site Scripting (XSS)

<1.2.3+dfsg.1-4+deb9u10