Test ID:	1.3.6.1.4.1.25623.1.0.126526
Category:	Web application abuses
Title:	Roundcube Webmail < 1.5.6, 1.6.x < 1.6.5 XSS Vulnerability
Summary:	Roundcube Webmail is prone to a cross-site scripting (XSS); vulnerability.
Description:	Summary: Roundcube Webmail is prone to a cross-site scripting (XSS) vulnerability. Vulnerability Insight: The flaw allows XSS in setting Content-Type/Content-Disposition for attachment preview/download. Affected Software/OS: Roundcube Webmail versions prior to 1.5.6 and 1.6.x prior to 1.6.5. Solution: Update to version 1.5.6, 1.6.5 or later. Note: The vendor doesn't plan any more releases in the 1.4 line. CVSS Score: 6.4 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:N
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2023-47272 Debian Security Information: DSA-5572 (Google Search) https://www.debian.org/security/2023/dsa-5572 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YFRGBPET73URF6364CI547ZVWQESJLGK/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Z4F4DUA3Q46ZVB2RD7BFP4XMNS4RYFFQ/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GILSR762MJB3BNJOVOCMW2JXEPV46IIQ/ https://github.com/roundcube/roundcubemail/commit/5ec496885e18ec6af956e8c0d627856c2257ba2d https://github.com/roundcube/roundcubemail/releases/tag/1.5.6 https://github.com/roundcube/roundcubemail/releases/tag/1.6.5 https://lists.debian.org/debian-lts-announce/2023/12/msg00005.html
Copyright	Copyright (C) 2023 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.