openSUSE-SU-2021:0931-1
See a problem?- Import Source
- https://ftp.suse.com/pub/projects/security/osv/openSUSE-SU-2021:0931-1.json
- JSON Data
- https://api.osv.dev/v1/vulns/openSUSE-SU-2021:0931-1
- Related
- Published
- 2021-06-27T05:03:50Z
- Modified
- 2021-06-27T05:03:50Z
- Summary
- Security update for roundcubemail
- Details
-
This update for roundcubemail fixes the following issues:
Upgrade to version 1.3.16
This is a security update to the LTS version 1.3.
It fixes a recently reported stored cross-site scripting (XSS) vulnerability via HTML or plain text messages with malicious content.
References:
- CVE-2020-18670: Cross Site Scripting (XSS) vulneraibility via database host and user in /installer/test.php (boo#1187707)
- CVE-2020-18671: Cross Site Scripting (XSS) vulnerability via smtp config in /installer/test.php (boo#1187706)
- CVE-2020-35730: cross-site scripting (XSS) vulnerability via HTML or plain text messages with malicious content (boo#1180399)
- References
-
- https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/BPPHYZD6Y3QJBTGPLX66Y3DJ3KCNEUJQ/
- https://bugzilla.suse.com/1180399
- https://bugzilla.suse.com/1187706
- https://bugzilla.suse.com/1187707
- https://www.suse.com/security/cve/CVE-2020-18670
- https://www.suse.com/security/cve/CVE-2020-18671
- https://www.suse.com/security/cve/CVE-2020-35730