Security Advisory

CVE-2024-42009

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2024-08-05 00:00:00

Last updated 2025-10-21 22:55:48

Assigner mitre

State PUBLISHED

Description

A Cross-Site Scripting vulnerability in Roundcube through 1.5.7 and 1.6.x through 1.6.7 allows a remote attacker to steal and send emails of a victim via a crafted e-mail message that abuses a Desanitization issue in message_body() in program/actions/mail/show.php.

← Browse all CVEs View on cve.org ↗