vulnerability

Ubuntu: USN-6848-1 (CVE-2023-5631): Roundcube vulnerabilities

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
5	(AV:N/AC:M/Au:S/C:P/I:P/A:N)	10/18/2023	06/27/2024	02/20/2025

Severity

CVSS

(AV:N/AC:M/Au:S/C:P/I:P/A:N)

Published

10/18/2023

Added

06/27/2024

Modified

02/20/2025

Description

Roundcube before 1.4.15, 1.5.x before 1.5.5, and 1.6.x before 1.6.4 allows stored XSS via an HTML e-mail message with a crafted SVG document because of program/lib/Roundcube/rcube_washtml.php behavior. This could allow a remote attacker

to load arbitrary JavaScript code.

Solution(s)

ubuntu-pro-upgrade-roundcubeubuntu-pro-upgrade-roundcube-core

References

CVE-2023-5631
https://attackerkb.com/topics/CVE-2023-5631
UBUNTU-USN-6848-1

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today