roundcube vulnerabilities

Direct Vulnerabilities

Known vulnerabilities in the roundcube package. This does not include vulnerabilities belonging to this package’s dependencies.

Snyk's AI Trust Platform automatically finds the best upgrade path and integrates with your development workflows. Secure your code at zero cost.

Vulnerability	Vulnerable Version
M Cross-site Scripting (XSS)	<1.2~beta+dfsg.1-0ubuntu1+esm2
M Directory Traversal	<1.2~beta+dfsg.1-0ubuntu1+esm2
M Cross-site Request Forgery (CSRF)	<1.2~beta+dfsg.1-0ubuntu1+esm2
M Cross-site Scripting (XSS)	<1.2~beta+dfsg.1-0ubuntu1+esm2
M Information Exposure	*
M Incorrect Permission Assignment for Critical Resource	*
M Inclusion of Functionality from Untrusted Control Sphere	*
H Deserialization of Untrusted Data	<1.2~beta+dfsg.1-0ubuntu1+esm6
M CVE-2019-10740	*
L CVE-2019-15237	*
H Arbitrary Argument Injection	<1.2~beta+dfsg.1-0ubuntu1+esm2
H SQL Injection	<1.2~beta+dfsg.1-0ubuntu1+esm2
H Cross-site Scripting (XSS)	<1.2~beta+dfsg.1-0ubuntu1+esm3
M CVE-2024-37384	<1.2~beta+dfsg.1-0ubuntu1+esm4
H Cross-site Scripting (XSS)	<1.2~beta+dfsg.1-0ubuntu1+esm2
M Cross-site Scripting (XSS)	<1.2~beta+dfsg.1-0ubuntu1+esm2
H Cross-site Scripting (XSS)	<1.2~beta+dfsg.1-0ubuntu1+esm2
M Cross-site Scripting (XSS)	*
M Improper Input Validation	*
H Files or Directories Accessible to External Parties	<1.2~beta+dfsg.1-0ubuntu1+esm5
M Improper Privilege Management	*
M Cross-site Scripting (XSS)	*
M Cross-site Scripting (XSS)	*
M Improper Access Control	*
M Cross-site Request Forgery (CSRF)	*
M Resource Management Errors	*