Description
An issue was discovered in Roundcube Webmail before 1.3.12 and 1.4.x before 1.4.5. There is XSS via a malicious XML attachment because text/xml is among the allowed types for a preview.
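An added example (not Roundcube code and not the project's patch) of a server-side preview decision that keeps XML-family types such as text/xml out of inline rendering even if one ends up on the allowlist. The allowlist contents and the function names are assumptions made for illustration.

```python
import re

# Assumed allowlist of passive types that may be previewed inline.
INLINE_SAFE = frozenset({"text/plain", "image/png", "image/jpeg", "image/gif"})

_MIME_RE = re.compile(r"^[a-z0-9!#$&^_.+-]+/[a-z0-9!#$&^_.+-]+$")


def normalize_type(declared):
    """Lower-case the declared type and drop parameters such as charset."""
    mime = declared.split(";", 1)[0].strip().lower()
    # Anything that is not a well-formed type/subtype is treated as opaque bytes.
    return mime if _MIME_RE.match(mime) else "application/octet-stream"


def is_script_capable(mime):
    """True for types a browser parses as markup (HTML, XML, SVG, XHTML, ...)."""
    subtype = mime.partition("/")[2]
    return subtype in {"xml", "html"} or subtype.endswith("+xml")


def preview_headers(declared, allowed=INLINE_SAFE):
    """Return response headers for an attachment preview request."""
    mime = normalize_type(declared)
    # Second check is defence in depth: a markup type is refused even when
    # a configuration mistake has put it on the allowlist.
    inline = mime in allowed and not is_script_capable(mime)
    return {
        "Content-Type": mime if inline else "application/octet-stream",
        "Content-Disposition": "inline" if inline else "attachment",
        # Stops the browser from re-interpreting the body as another type.
        "X-Content-Type-Options": "nosniff",
    }


if __name__ == "__main__":
    # Constructed sample inputs.
    for declared in ("text/plain", "Text/XML; charset=utf-8", "image/svg+xml"):
        print(declared, "->", preview_headers(declared)["Content-Disposition"])
```
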
Remediation
References