Description
Roundcube Webmail before 1.5.12 and 1.6 before 1.6.12 is prone to a Cross-Site-Scripting (XSS) vulnerability via the animate tag in an SVG document.
Remediation
References
Related Vulnerabilities
WordPress Plugin PI Button includes Backdoor [Only if downloaded via the vendor website] (3.3.3)
Liferay DXP Authorization Bypass Through User-Controlled Key Vulnerability (CVE-2025-62242)
WordPress Plugin Chained Quiz Cross-Site Scripting (1.1.9)
Moodle Incorrect Authorization Vulnerability (CVE-2024-48897)