VDB
DEBIAN-CVE-2011-1492
DEBIAN-CVE-2011-1492
PUBLISHED
CVSS 6.900000095367432 MEDIUM
steps/utils/modcss.inc in Roundcube Webmail before 0.5.1 does not properly verify that a request is an expected request for an external Cascading Style Sheets (CSS) stylesheet, which allows remote authenticated users to trigger arbitrary outbound TCP connections from the server, and possibly obtain sensitive information, via a crafted request.
Risk Scores
CVSS 4.0
6.900000095367432
CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Debian:11 | roundcube | 0, 0, 0 |
| Debian:13 | roundcube | 0, 0, 0 |
| Debian:14 | roundcube | 0 |
| Debian:12 | roundcube | 0, 0, 0 |
Timeline
- Apr 8, 2011 CVE Published
- May 10, 2026 CVE Updated