VDB
GCVE-110-MAGEIA-2024-193
GCVE-110-MAGEIA-2024-193
Advisory Published
This is a security update to the stable version 1.6 of Roundcube
Webmail.
Fix cross-site scripting (XSS) vulnerability in handling SVG animate
attributes.
Reported by Valentin T. and Lutz Wolf of CrowdStrike.
Fix cross-site scripting (XSS) vulnerability in handling list columns
from user preferences.
Reported by Huy Nguyễn Phạm Nhật.
Fix command injection via crafted im_convert_path/im_identify_path on
Windows.
Reported by Huy Nguyễn Phạm Nhật.
This version is considered stable and we recommend to update all
productive installations of Roundcube 1.6.x with it. Please do backup
your data before updating!
Affected Products
| Vendor | Product | Versions | Platforms |
|---|---|---|---|
| Mageia | opencpn-o-charts-plugin | 0 (affected), 2.0.10.0-1.mga9.nonfree (unaffected) | — |
| Mageia | roundcubemail | 0 (affected), 1.6.7-1.mga9 (unaffected), 0 (affected), 1.6.7-1.mga9 (unaffected) | — |
References
Browse GCVE Records
73,443 records in the GCVE database · Updated July 18, 2026
No matching records found.
Explore Further
Investigate this vulnerability in the interactive console or download the raw GCVE record.