CVE-2023-5631
Stored XSS vulnerability in Roundcube
In short
Roundcube email clients before certain versions allow attackers to inject malicious JavaScript code through specially crafted HTML emails with SVG documents. This code runs when a user views the email, potentially compromising their account or stealing sensitive information.
Technical detail
Stored XSS: program/lib/Roundcube/rcube_washtml.php, the HTML sanitizer ("washer") applied to incoming messages, fails to properly sanitize SVG elements within HTML e-mail messages, allowing a remote attacker to inject arbitrary JavaScript. The attack vector is the victim simply viewing the message in the webmail client; no authentication is required beyond getting the malicious message delivered to the victim's mailbox. Impact includes session hijacking and credential theft within the victim's Roundcube session.
Summary generated and translated by AI from the official description.
Roundcube before 1.4.15, 1.5.x before 1.5.5, and 1.6.x before 1.6.4 allows stored XSS via an HTML e-mail message with a crafted SVG document because of program/lib/Roundcube/rcube_washtml.php behavior. This could allow a remote attacker to load arbitrary JavaScript code.
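As an added illustration of the allowlist-based washing an HTML mail sanitizer needs for inline SVG, here is a small example written for this page; it is not Roundcube's rcube_washtml.php, and the element and attribute allowlists and the sample markup are constructed assumptions:

```python
import xml.etree.ElementTree as ET

SVG_NS = "http://www.w3.org/2000/svg"
ET.register_namespace("", SVG_NS)  # keep the default namespace on output

# Assumed minimal allowlists for this example (not Roundcube's configuration):
# only plain drawing elements, and no event handlers, hrefs, or style hooks.
ALLOWED_ELEMENTS = {"svg", "g", "path", "rect", "circle", "ellipse", "line",
                    "polyline", "polygon", "text", "title", "desc"}
ALLOWED_ATTRS = {"width", "height", "viewBox", "x", "y", "cx", "cy", "r", "rx",
                 "ry", "d", "fill", "stroke", "stroke-width", "points",
                 "x1", "y1", "x2", "y2", "transform", "font-size"}


def _local(name):
    """Strip an XML namespace: '{http://www.w3.org/2000/svg}circle' -> 'circle'."""
    return name.rsplit("}", 1)[-1]


def wash_svg(markup):
    """Return markup with every non-allowlisted element removed together with
    its whole subtree, and every non-allowlisted attribute dropped.

    Removing unknown subtrees (rather than only unwrapping them) is what makes
    script-bearing constructs such as <script>, <foreignObject> or handler
    attributes disappear instead of leaking into the rendered message.
    Unparseable input fails closed and yields an empty string."""
    try:
        root = ET.fromstring(markup)
    except ET.ParseError:
        return ""
    if _local(root.tag) not in ALLOWED_ELEMENTS:
        return ""
    stack = [root]
    while stack:
        elem = stack.pop()
        for attr in list(elem.attrib):          # drop onload=, href=, style=, ...
            if _local(attr) not in ALLOWED_ATTRS:
                del elem.attrib[attr]
        for child in list(elem):
            if _local(child.tag) in ALLOWED_ELEMENTS:
                stack.append(child)
            else:
                elem.remove(child)              # discards the child and its subtree
    return ET.tostring(root, encoding="unicode")


# Constructed sample: a harmless circle plus a handler attribute and a script element.
SAMPLE = ('<svg xmlns="http://www.w3.org/2000/svg" width="10" height="10" onload="run()">'
          '<circle cx="5" cy="5" r="4" fill="red"/><script>run()</script></svg>')
```

Calling `wash_svg(SAMPLE)` keeps the circle and its drawing attributes and removes both the `onload` attribute and the `<script>` element; a real washer would apply the same discipline to the surrounding HTML as well.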
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Affected products
Roundcube · Roundcubemail
References
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1054079
https://github.com/roundcube/roundcubemail/commit/41756cc3331b495cc0b71886984474dc529dd31d
https://github.com/roundcube/roundcubemail/commit/6ee6e7ae301e165e2b2cb703edf75552e5376613
https://github.com/roundcube/roundcubemail/issues/9168
https://github.com/roundcube/roundcubemail/releases/tag/1.4.15
https://github.com/roundcube/roundcubemail/releases/tag/1.5.5
https://github.com/roundcube/roundcubemail/releases/tag/1.6.4
https://lists.debian.org/debian-lts-announce/2023/10/msg00035.html
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LK67Q46OIEGJCRQUBHKLH3IIJTBNGGX4/
https://roundcube.net/news/2023/10/16/security-update-1.6.4-released
https://roundcube.net/news/2023/10/16/security-updates-1.5.5-and-1.4.15
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-5631