Launchpad CVE tracker

CVE 2023-5631

Roundcube before 1.4.15, 1.5.x before 1.5.5, and 1.6.x before 1.6.4 allows stored XSS via an HTML e-mail message with a crafted SVG document because of program/lib/Roundcube/rcube_washtml.php behavior. This could allow a remote attacker to load arbitrary JavaScript code.

Related bugs and status

CVE-2023-5631 (Candidate) is related to these bugs:

Bug #2043396: roundcube vulnerability CVE-2023-5631 not resolved

Summary				In	Importance	Status
	2043396	roundcube vulnerability CVE-2023-5631 not resolved		roundcube (Ubuntu)	Undecided	Confirmed

See the

CVE page on Mitre.org for more details.

References

MISC: https://github.com/rou...
MISC: https://github.com/rou...
MISC: https://github.com/rou...
MISC: https://github.com/rou...
MISC: https://bugs.debian.or...
MISC: https://github.com/rou...
MISC: https://github.com/rou...
MISC: https://roundcube.net/...
MISC: https://roundcube.net/...
DEBIAN: DSA-5531
MLIST: [debian-lts-announce] ...
MLIST: [oss-security] 2023103...
MLIST: [oss-security] 2023110...
FEDORA: FEDORA-2023-735ee6d4e1
MLIST: [oss-security] 2023111...

Launchpad.net

CVE 2023-5631

Related bugs and status

Related bugs

References