Roundcube XSS vulnerability opens the door to email account takeover

The Daily Swig

Roundcube is urging users to update their installations to resolve a security vulnerability that can be exploited to conduct stored, or persistent, cross-site scripting (XSS) attacks.

On July 21, an advisory was published concerning CVE-2020-15562, a vulnerability present in Roundcube stable version 1.4 and LTS versions 1.3 and 1.2.

Written in PHP, Roundcube is an open-source webmail project that offers a browser-based, skinnable IMAP client in multiple languages. Features include MIME support, an address book, folders, and message search functionality.

Roundcube currently uses the jQuery 3.x client.

