VDB

GCVE-110-MAGEIA-2023-332

GCVE-110-MAGEIA-2023-332
Advisory Published
Vulnetix · Advisory published December 1, 2023
Updated roundcubemail package fixes security vulnerabilities: Fix cross-site scripting (XSS) vulnerability in setting Content-Type/ Content-Disposition for attachment preview/download (CVE-2023-47272) Fix cross-site scripting (XSS) vulnerability in handling of SVG in HTML messages. (CVE-2023-5631) Some other errors have been fixed: - Fix PHP8 fatal error when parsing a malformed BODYSTRUCTURE - Fix duplicated Inbox folder on IMAP servers that do not use Inbox folder with all capital letters - Fix PHP warnings - Fix UI issue when dealing with an invalid managesieve_default_headers value - Fix bug where images attached to application/smil messages weren't displayed - Fix PHP string replacement error in utils/error.php - Fix regression where smtp_user did not allow pre/post strings before/after %u placeholder

Affected Products

VendorProductVersionsPlatforms
Mageiaroundcubemail0 (affected), 1.6.5-1.mga9 (unaffected)

Browse GCVE Records

73,834 records in the GCVE database · Updated July 19, 2026

No matching records found.

Explore Further

Investigate this vulnerability in the interactive console or download the raw GCVE record.

$ Console Community · 100/wk Open console ›