CVE-2019-13389

Source

https://nvd.nist.gov/vuln/detail/CVE-2019-13389

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-13389.json

Related

DLA-3435-1

Published

2020-03-20T19:15:12Z

Modified

2023-11-29T07:03:26.545466Z

Details

RainLoop Webmail before 1.13.0 lacks XSS protection mechanisms such as xlink:href validation, the X-XSS-Protection header, and the Content-Security-Policy header.

References

Affected packages

Git / github.com/RainLoop/rainloop-webmail

Affected ranges

Type: GIT
Repo: https://github.com/RainLoop/rainloop-webmail
Events: Introduced

0The exact introduced commit is unknown

Fixed

8eb4588917b4741889fdd905d4c32e3e86317693

Type: GIT
Repo: https://github.com/rainloop/rainloop-webmail
Events: Introduced

0The exact introduced commit is unknown

Fixed

cdfe5fb232e085b7ef86f2adce66ca03536dc7af

Affected versions

v1.*

v1.10.1.117-beta.1

v1.10.1.121-beta.2

v1.10.1.123

v1.10.1.127

v1.10.2.131-beta.1

v1.10.2.133-beta.2

v1.10.2.136-beta.3

v1.10.2.137-beta.4

v1.10.2.140

v1.10.2.141

v1.10.2.145

v1.10.3.150-beta.1

v1.10.3.151

v1.10.4.160-beta.1

v1.10.4.176-beta.2

v1.10.4.177-beta.3

v1.10.4.179

v1.10.4.180

v1.10.4.181

v1.10.4.183

v1.10.5.192

v1.11.0.201-beta.1

v1.11.0.203

v1.11.1

v1.11.2

v1.11.3

v1.12.0

v1.12.1