CVE-2024-42008 | RoundCube up to 1.5.7/1.6.7 Content-Type Header rcmail_action_mail_get cross site scripting

Inserito da Angelo Barbosa | Ago 5, 2024 | CVE

A vulnerability classified as problematic has been found in RoundCube up to 1.5.7/1.6.7. This affects the function rcmail_action_mail_get of the component Content-Type Header Handler. The manipulation leads to cross site scripting.

This vulnerability is uniquely identified as CVE-2024-42008. It is possible to initiate the attack remotely. There is no exploit available.

It is recommended to upgrade the affected component.

CVE-2024-42008 | RoundCube up to 1.5.7/1.6.7 Content-Type Header rcmail_action_mail_get cross site scripting

Post correlati

CVE-2024-23336 | MyBB up to 1.8.37 server-side request forgery

CVE-2021-47102 | Linux Kernel up to 5.15.11 marvell info->upper_dev out-of-bounds (5c553a0cd126/2efc2256febf)

CVE-2023-40544 | Westermo Lynx 206-F2G 4.24 TCP Communication cleartext transmission (icsa-24-023-04)

CVE-2024-31610 | code-projects Simple School Management System 1.0 File unrestricted upload