CVSS: 6.1EPSS: 0%CPEs: 11EXPL: 0CVE-2015-8864
https://notcve.org/view.php?id=CVE-2015-8864
13 Apr 2017 — Cross-site scripting (XSS) vulnerability in Roundcube Webmail before 1.0.9 and 1.1.x before 1.1.5 allows remote attackers to inject arbitrary web script or HTML via a crafted SVG, a different vulnerability than CVE-2016-4068. La vulnerabilidad XSS en Roundcube Webmail en versiones anteriores a 1.0.9 y 1.1.x en versiones anteriores a 1.1.5 permite a atacantes remotos inyectar secuencias de comandos web o HTML a través de un SVG manipulado, una vulnerabilidad diferente a CVE-2016-4068. • http://lists.opensuse.org/opensuse-updates/2016-08/msg00078.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 11EXPL: 0CVE-2016-4068
https://notcve.org/view.php?id=CVE-2016-4068
13 Apr 2017 — Cross-site scripting (XSS) vulnerability in Roundcube Webmail before 1.0.9 and 1.1.x before 1.1.5 allows remote attackers to inject arbitrary web script or HTML via a crafted SVG, a different vulnerability than CVE-2015-8864. Vulnerabilidad XSS en Roundcube Webmail en versiones anteriores a 1.0.9 y 1.1.x en versiones anteriores a 1.1.5 permite a atacantes remotos inyectar scripts web o HTML a través de un SVG manipulado, una vulnerabilidad diferente a CVE-2015-8864. • http://lists.opensuse.org/opensuse-updates/2016-08/msg00078.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 35%CPEs: 5EXPL: 4CVE-2015-8770 – Roundcube Webmail 1.1.3 - Directory Traversal
https://notcve.org/view.php?id=CVE-2015-8770
15 Jan 2016 — Directory traversal vulnerability in the set_skin function in program/include/rcmail_output_html.php in Roundcube before 1.0.8 and 1.1.x before 1.1.4 allows remote authenticated users with certain permissions to read arbitrary files or possibly execute arbitrary code via a .. (dot dot) in the _skin parameter to index.php. Vulnerabilidad de salto de directorio en la función set_skin en program/include/rcmail_output_html.php en Roundcube en versiones anteriores a 1.0.8 y 1.1.x en versiones anteriores a 1.1.4 ... • https://packetstorm.news/files/id/135274 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •