Security Advisory

CVE-2020-35730

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2020-12-28 19:37:08

Last updated 2025-10-21 23:35:31

Assigner mitre

State PUBLISHED

Description

An XSS issue was discovered in Roundcube Webmail before 1.2.13, 1.3.x before 1.3.16, and 1.4.x before 1.4.10. The attacker can send a plain text e-mail message, with JavaScript in a link reference element that is mishandled by linkref_addindex in rcube_string_replacer.php.

← Browse all CVEs View on cve.org ↗