VDB
GCVE-110-MAGEIA-2023-332
GCVE-110-MAGEIA-2023-332
Advisory Published
Updated roundcubemail package fixes security vulnerabilities:
Fix cross-site scripting (XSS) vulnerability in setting Content-Type/
Content-Disposition for attachment preview/download (CVE-2023-47272)
Fix cross-site scripting (XSS) vulnerability in handling of SVG in HTML
messages. (CVE-2023-5631)
Some other errors have been fixed:
- Fix PHP8 fatal error when parsing a malformed BODYSTRUCTURE
- Fix duplicated Inbox folder on IMAP servers that do not use Inbox
folder with all capital letters
- Fix PHP warnings
- Fix UI issue when dealing with an invalid managesieve_default_headers
value
- Fix bug where images attached to application/smil messages weren't
displayed
- Fix PHP string replacement error in utils/error.php
- Fix regression where smtp_user did not allow pre/post strings
before/after %u placeholder
Affected Products
| Vendor | Product | Versions | Platforms |
|---|---|---|---|
| Mageia | roundcubemail | 0 (affected), 1.6.5-1.mga9 (unaffected) | — |
Aliases
Browse GCVE Records
73,834 records in the GCVE database · Updated July 19, 2026
No matching records found.
Explore Further
Investigate this vulnerability in the interactive console or download the raw GCVE record.