CVE-2024-42008 | RoundCube up to 1.5.7/1.6.7 Content-Type Header rcmail_action_mail_get cross site scripting

Posted by Angelo Barbosa | Aug 5, 2024 | CVE

A vulnerability classified as problematic has been found in RoundCube up to 1.5.7/1.6.7. This affects the function rcmail_action_mail_get of the component Content-Type Header Handler. The manipulation leads to cross site scripting.

This vulnerability is uniquely identified as CVE-2024-42008. It is possible to initiate the attack remotely. There is no exploit available.

It is recommended to upgrade the affected component.

CVE-2024-42008 | RoundCube up to 1.5.7/1.6.7 Content-Type Header rcmail_action_mail_get cross site scripting

Related Posts

CVE-2024-30443 | GS Plugins GS Testimonial Slider Plugin up to 3.1.4 on WordPress cross site scripting

CVE-2023-51416 | EnvialoSimple EnvíaloSimple Plugin up to 2.3 on WordPress cross-site request forgery

CVE-2024-6751 | Social Auto Poster Plugin up to 5.3.14 on WordPress cross-site request forgery

CVE-2024-26932 | Linux Kernel up to 6.8.2/6.9-rc1 typec tcpm_port_unregister_pd double free (242e425ed580/b63f90487bdf)