PT-2018-13712 · Roundcube · Roundcube Rcfilters Plugin

Fahimeh Rezaei · Published 2018-09-09 · Updated 2018-11-06 · CVE-2018-16736

CVSS v3.1: 5.4 (Medium)

Vector: AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions

Roundcube rcfilters plugin version 2.1.6

Description

The issue exists in the Filters section of the settings, where XSS can be triggered via the whatfilter and messages parameters.

Recommendations

For Roundcube rcfilters plugin version 2.1.6, avoid using the whatfilter and messages parameters in the Filters section of the settings until the issue is resolved. As a temporary workaround, consider restricting access to the Filters section to minimize the risk of exploitation.

Exploit

Fix

XSS

Weakness Enumeration

Related Identifiers

CVE-2018-16736

Affected Products

Roundcube Rcfilters Plugin