Description
An issue was discovered in Roundcube Webmail before 1.5.15 and 1.6.15. The remote image blocking feature can be bypassed via SVG content in an e-mail message. This may lead to information disclosure or access-control bypass. This involves the animate element with attributeName=fill/filter/stroke.
Remediation
References
Related Vulnerabilities
WordPress Plugin WP Shop Multiple Vulnerabilities (3.4.3.18)
WordPress Plugin Search Meter CSV Injection (2.13.2)
Oracle Database Server CVE-2010-0892 Vulnerability (CVE-2010-0892)
WordPress 4.3.x Multiple Vulnerabilities (4.3 - 4.3.31)
Apache Tomcat Improper Check for Unusual or Exceptional Conditions Vulnerability (CVE-2024-52316)