| Vulnerability Name: | CVE-2021-26925 (CCN-196818) | ||||||||||||
| Assigned: | 2021-02-09 | ||||||||||||
| Published: | 2021-02-09 | ||||||||||||
| Updated: | 2022-03-10 | ||||||||||||
| Summary: | Roundcube before 1.4.11 allows XSS via crafted Cascading Style Sheets (CSS) token sequences during HTML email rendering. | ||||||||||||
| CVSS v3 Severity: | 5.4 Medium (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N) 5.2 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N/E:H/RL:O/RC:C)
5.8 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:H/RL:O/RC:C)
| ||||||||||||
| CVSS v2 Severity: | 3.5 Low (CVSS v2 Vector: AV:N/AC:M/Au:S/C:N/I:P/A:N)
| ||||||||||||
| Vulnerability Type: | CWE-79 | ||||||||||||
| Vulnerability Consequences: | Cross-Site Scripting | ||||||||||||
| References: | Source: MITRE Type: CNA CVE-2021-26925 Source: XF Type: UNKNOWN roundcube-cve202126925-xss(196818) Source: CCN Type: Roundcube GIT Repository Fix cross-site scripting (XSS) via HTML messages with malicious CSS Source: CONFIRM Type: Patch, Third Party Advisory https://github.com/roundcube/roundcubemail/commit/9dc276d5f26042db02754fa1bac6fbd683c6d596 Source: FEDORA Type: Mailing List, Third Party Advisory FEDORA-2021-aef54ec149 Source: FEDORA Type: Mailing List, Third Party Advisory FEDORA-2021-434b65378a Source: MISC Type: Release Notes, Third Party Advisory https://roundcube.net/news/2021/02/08/security-update-1.4.11 | ||||||||||||
| Vulnerable Configuration: | Configuration 1: Configuration 2: Configuration CCN 1:  Denotes that component is vulnerable | ||||||||||||
| BACK | |||||||||||||