CVE-2016-4069

Risk Scores

Affected Products

Exploit Intelligence

• 92654 (circl)
• https://github.com/roundcube/roundcubemail/wiki/Changelog#release-115 (circl)
• https://github.com/roundcube/roundcubemail/issues/4957 (circl)
• openSUSE-SU-2016:2109 (circl)
• [oss-security] 20160423 Re: CVE Request: Roundcube: XSS issue in SVG image handling and protection for download urs against CSRF (circl)
• https://github.com/roundcube/roundcubemail/commit/4a408843b0ef816daf70a472a02b78cd6073a4d5 (circl)
• https://github.com/roundcube/roundcubemail/commit/699af1e5206ed9114322adaa3c25c1c969640a53 (circl)
• https://github.com/roundcube/roundcubemail/releases/tag/1.1.5 (circl)
• roundcube.yml (github-poc)
• roundcube.yml (github-poc)

…and 4 more exploits

Timeline

• Aug 25, 2016 CVE Published
• Feb 4, 2022 EPSS Score
• Mar 29, 2022 EPSS Score
• May 20, 2022 EPSS Score
• Sep 3, 2022 EPSS Score
• Oct 26, 2022 EPSS Score
• Dec 18, 2022 EPSS Score
• Feb 8, 2023 EPSS Score
• Mar 7, 2023 EPSS Score
• May 25, 2023 EPSS Score
• Jun 16, 2023 EPSS Score
• Jul 16, 2023 EPSS Score

References

• https://ubuntu.com/security/CVE-2016-4069 third-party-advisory
• https://github.com/roundcube/roundcubemail/issues/4957 third-party-advisory
• https://github.com/roundcube/roundcubemail/wiki/Changelog#release-115 third-party-advisory
• https://github.com/roundcube/roundcubemail/commit/4a408843b0ef816daf70a472a02b78cd6073a4d5 third-party-advisory
• https://github.com/roundcube/roundcubemail/commit/699af1e5206ed9114322adaa3c25c1c969640a53 third-party-advisory
• http://www.openwall.com/lists/oss-security/2016/04/23/3 third-party-advisory
• https://www.cve.org/CVERecord?id=CVE-2016-4069 third-party-advisory