VDB

GCVE-110-MAGEIA-2024-193

GCVE-110-MAGEIA-2024-193
Advisory Published
Vulnetix · Advisory published May 25, 2024
This is a security update to the stable version 1.6 of Roundcube Webmail. Fix cross-site scripting (XSS) vulnerability in handling SVG animate attributes. Reported by Valentin T. and Lutz Wolf of CrowdStrike. Fix cross-site scripting (XSS) vulnerability in handling list columns from user preferences. Reported by Huy Nguyễn Phạm Nhật. Fix command injection via crafted im_convert_path/im_identify_path on Windows. Reported by Huy Nguyễn Phạm Nhật. This version is considered stable and we recommend to update all productive installations of Roundcube 1.6.x with it. Please do backup your data before updating!

Affected Products

VendorProductVersionsPlatforms
Mageiaopencpn-o-charts-plugin0 (affected), 2.0.10.0-1.mga9.nonfree (unaffected)
Mageiaroundcubemail0 (affected), 1.6.7-1.mga9 (unaffected), 0 (affected), 1.6.7-1.mga9 (unaffected)

Browse GCVE Records

73,443 records in the GCVE database · Updated July 18, 2026

No matching records found.

Explore Further

Investigate this vulnerability in the interactive console or download the raw GCVE record.

$ Console Community · 100/wk Open console ›