Assigner | mitre |
Reserved | 2024-06-07 |
Published | 2024-06-07 |
Updated | 2024-06-17 |
Description
Roundcube Webmail before 1.5.7 and 1.6.x before 1.6.7 allows XSS via SVG animate attributes.
References
https://github.com/roundcube/roundcubemail/commit/43aaaa528646877789ec028d87924ba1accf5242
https://github.com/roundcube/roundcubemail/releases/tag/1.6.7
https://github.com/roundcube/roundcubemail/releases/tag/1.5.7
https://lists.debian.org/debian-lts-announce/2024/06/msg00008.html ([debian-lts-announce] 20240617 [SECURITY] [DLA 3835-1] roundcube security update)