Description

Multiple cross-site request forgery (CSRF) vulnerabilities in Roundcube Webmail before 1.0.4 allow remote attackers to hijack the authentication of unspecified victims via unknown vectors, related to (1) address book operations or the (2) ACL or (3) Managesieve plugins.

Remediation

References

CVE-2014-9587

Related Vulnerabilities

WordPress Plugin B2BKing-Ultimate WooCommerce Wholesale and B2B Solution-Wholesale Order Form, Catalog Mode, Dynamic Pricing & More Security Bypass (4.6.00)

GlassFish CVE-2010-4438 Vulnerability (CVE-2010-4438)

Atlassian Jira CVE-2021-26081 Vulnerability (CVE-2021-26081)

WordPress Plugin WP Project Manager-Task, team, and project management featuring kanban board and gantt charts Privilege Escalation (2.6.4)

Drupal Improper Removal of Sensitive Information Before Storage or Transfer Vulnerability (CVE-2022-31042)

Severity

Medium

Classification

CVE-2014-9587

Tags

Missing Update Known Vulnerabilities