- Description
- A Cross-Site Scripting vulnerability in Roundcube through 1.5.7 and 1.6.x through 1.6.7 allows a remote attacker to steal and send emails of a victim via a crafted e-mail message that abuses a Desanitization issue in message_body() in program/actions/mail/show.php.
- Source
- cve@mitre.org
- NVD status
- Modified
CVSS 3.1
- Type
- Primary
- Base score
- 9.3
- Impact score
- 5.8
- Exploitability score
- 2.8
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N
- Severity
- CRITICAL
- Hype score
- Not currently trending
XSS Exploit for Roundcube Webmail 1.6.7 (CVE-2024-42009) The exploit injects a malicious payload, allowing email exfiltration upon execution. 🔗 Check it out: https://t.co/yDvJugNQf8
@0xBassiouny1337
12 Feb 2025
80 Impressions
0 Retweets
2 Likes
1 Bookmark
1 Reply
0 Quotes
XSS Exploit for Roundcube Webmail 1.6.7 (CVE-2024-42009) The exploit injects a malicious payload, allowing email exfiltration upon execution. 🔗 Check it out: https://t.co/yDvJugNQf8
@0xBassiouny1337
12 Feb 2025
118 Impressions
0 Retweets
7 Likes
1 Bookmark
0 Replies
0 Quotes
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:roundcube:webmail:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "DC573DD9-42FE-4467-89E4-E3DAC9E3C744",
"versionEndExcluding": "1.5.8"
},
{
"criteria": "cpe:2.3:a:roundcube:webmail:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "350AC515-3D8C-48E1-9D73-023609560C8A",
"versionEndExcluding": "1.6.8",
"versionStartIncluding": "1.6.0"
}
],
"operator": "OR"
}
]
}
]