CVE-2024-42009 | RoundCube up to 1.5.7/1.6.7 E-Mail Message show.php message_body cross site scripting

Posted by Angelo Barbosa | Aug 5, 2024 | CVE

A vulnerability was found in RoundCube up to 1.5.7/1.6.7. It has been classified as problematic. Affected is the function message_body of the file program/actions/mail/show.php of the component E-Mail Message Handler. The manipulation leads to cross site scripting.

This vulnerability is traded as CVE-2024-42009. It is possible to launch the attack remotely. There is no exploit available.

It is recommended to upgrade the affected component.

CVE-2024-42009 | RoundCube up to 1.5.7/1.6.7 E-Mail Message show.php message_body cross site scripting

Related Posts

Mozilla Firefox javascript URL Remote Code Execution

CVE-2023-48802 | Totolink X6000R 9.4.0cu.852_B20230719 shttpd sub_4119A0 Privilege Escalation

CVE-2024-28132 | F5 BIG-IP Next CNF 1.2.0/1.2.1 Global Server Load Balancing Container information disclosure (K000138913)

CVE-2024-41035 | Linux Kernel up to 6.9.9 USB config.c endpoint_is_duplicate bEndpointAddress Privilege Escalation