CVE-2020-16145

Publication date

2020-08-12 12:29:44

Family

mitre

State

PUBLISHED

Description

Roundcube Webmail before 1.3.15 and 1.4.8 allows stored XSS in HTML messages during message display via a crafted SVG document. This issue has been fixed in 1.4.8 and 1.3.15.