CVE-2024-42009

CriticalKnown Exploited

A Cross-Site Scripting vulnerability in Roundcube through 1.5.7 and 1.6.x through 1.6.7 allows a remote attacker to steal and send emails…

mitre·CWE-79·Published 2024-08-05

CVSS

9.3

EPSS

0.83

KEV

Yes

Exploits

cve.orgen

265 chars

A Cross-Site Scripting vulnerability in Roundcube through 1.5.7 and 1.6.x through 1.6.7 allows a remote attacker to steal and send emails of a victim via a crafted e-mail message that abuses a Desanitization issue in message_body() in program/actions/mail/show.php.

NVDen

265 chars

NVDes

319 chars

Una vulnerabilidad de Cross-Site Scripting en Roundcube hasta 1.5.7 y 1.6.x hasta 1.6.7 permite a un atacante remoto robar y enviar correos electrónicos de una víctima a través de un mensaje de correo electrónico manipulado que abusa de un problema de desanitización en message_body() en program/actions/mail/show.php.

CVSS metrics across sources

Version	Type	Source	Base	Exp	Impact	Vector
3.1	Primary	cve.org	9.3	—	—	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N
3.1	Primary	NVD	9.3	2.8	5.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N
3.1	Secondary	NVD	9.3	2.8	5.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N