Description

rcube_utils.php in Roundcube before 1.1.8 and 1.2.x before 1.2.4 is susceptible to a cross-site scripting vulnerability via a crafted Cascading Style Sheets (CSS) token sequence within an SVG element.

Remediation

References

CVE-2017-6820

Related Vulnerabilities

EspoCRM Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2023-5965)

WordPress Plugin WP Real Estate Unspecified Vulnerability (2.0)

MySQL CVE-2017-3645 Vulnerability (CVE-2017-3645)

WordPress 'blog.header.php' Multiple SQL Injection Vulnerabilities (0.6.2 - 0.71)

IBM WebSEAL Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2018-1886)

Severity

Medium

Classification

CVE-2017-6820 CWE-707 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Tags

Missing Update Known Vulnerabilities