Class_Nzm

Name of the Vulnerable Software and Affected Versions Roundcube Webmail versions prior to 1.5.15 and prior to 1.6.15 Description A flaw exists in Roundcube Webmail that allows bypassing the remote image blocking feature through specially crafted SVG content within email messages. This bypass can potentially lead to information disclosure or access-control bypass. The issue involves the `animate` element utilizing attributes such as `fill`, `filter`, and `stroke`. Recommendations Update Roundcube Webmail to version 1.5.15 or later. Update Roundcube Webmail to version 1.6.15 or later.