VDB
CVE-2021-46144
CVE-2021-46144
PUBLISHED
CVSS 4.300000190734863 MEDIUM
Roundcube before 1.4.13 and 1.5.x before 1.5.2 allows XSS via an HTML e-mail message with crafted Cascading Style Sheets (CSS) token sequences.
EPSS 1.05% · 78.0th percentile
Risk Scores
CVSS 2.0
4.300000190734863
EPSS Score
1.05%
78.0th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| debian | debian_linux | 9.0, 11.0, 10.0 |
| n/a | n/a | * |
| roundcube | roundcube | 0, 1.5.0 |
Exploit Intelligence
- https://github.com/roundcube/roundcubemail/commit/8894fddd59b770399eed4ef8d4da5773913b5bf0 (circl)
- https://roundcube.net/news/2021/12/30/update-1.5.2-released (circl)
- https://github.com/roundcube/roundcubemail/commit/b2400a4b592e3094b6c84e6000d512f99ae0eed8 (circl)
- https://roundcube.net/news/2021/12/30/security-update-1.4.13-released (circl)
- https://bugs.debian.org/1003027 (circl)
- DSA-5037 (circl)
- [debian-lts-announce] 20220112 [SECURITY] [DLA 2878-1] roundcube security update (circl)
- roundcube.yml (github-poc)
- roundcube.yml (github-poc)
- roundcube.yml (github-poc)
…and 1 more exploits
Timeline
- Jan 6, 2022 EPSS Score
- Jan 6, 2022 CVE Published
- Feb 4, 2022 EPSS Score
- Mar 1, 2022 EPSS Score
- Apr 23, 2022 EPSS Score
- Jun 16, 2022 EPSS Score
- Oct 2, 2022 EPSS Score
- Nov 25, 2022 EPSS Score
- Jan 17, 2023 EPSS Score
- Mar 7, 2023 EPSS Score
- Mar 12, 2023 EPSS Score
- May 4, 2023 EPSS Score
References
- https://github.com/roundcube/roundcubemail/commit/8894fddd59b770399eed4ef8d4da5773913b5bf0 url
- https://roundcube.net/news/2021/12/30/update-1.5.2-released url
- https://github.com/roundcube/roundcubemail/commit/b2400a4b592e3094b6c84e6000d512f99ae0eed8 url
- https://roundcube.net/news/2021/12/30/security-update-1.4.13-released url
- https://bugs.debian.org/1003027 url
- DSA-5037 vendor-advisory
- [debian-lts-announce] 20220112 [SECURITY] [DLA 2878-1] roundcube security update mailing-list
- https://nvd.nist.gov/vuln/detail/CVE-2021-46144 advisory