VDB

DEBIAN-CVE-2011-1492

DEBIAN-CVE-2011-1492 PUBLISHED CVSS 6.900000095367432 MEDIUM

steps/utils/modcss.inc in Roundcube Webmail before 0.5.1 does not properly verify that a request is an expected request for an external Cascading Style Sheets (CSS) stylesheet, which allows remote authenticated users to trigger arbitrary outbound TCP connections from the server, and possibly obtain sensitive information, via a crafted request.

Risk Scores

CVSS 4.0
6.900000095367432
CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

Affected Products

VendorProductVersions
Debian:11roundcube0, 0, 0
Debian:13roundcube0, 0, 0
Debian:14roundcube0
Debian:12roundcube0, 0, 0

Timeline

  • Apr 8, 2011 CVE Published
  • May 10, 2026 CVE Updated
Open in Interactive Console →
$ Console Community · 100/wk Open console ›