Valentin T

**Name of the Vulnerable Software and Affected Versions** Roundcube versions prior to 1.5.12 Roundcube versions prior to 1.6.12 **Description** An information disclosure issue exists in the HTML style sanitizer component of Roundcube Webmail. The issue could allow for the disclosure of information. **Recommendations** Update Roundcube to version 1.5.12 or later. Update Roundcube to version 1.6.12 or later.

**Name of the Vulnerable Software and Affected Versions** Roundcube versions prior to 1.5.12 Roundcube versions prior to 1.6.12 **Description** Roundcube Webmail contains a Cross-Site Scripting (XSS) issue stemming from the use of the animate tag within SVG documents. This allows attackers to execute malicious scripts. Additionally, an Information Disclosure issue exists in the HTML style sanitizer. The issue is actively exploited and could lead to email account takeover. There is no information available regarding the number of affected devices. **Recommendations** Roundcube versions prior to 1.5.12 should be updated to version 1.5.12 or later. Roundcube versions prior to 1.6.12 should be updated to version 1.6.12 or later.

**Name of the Vulnerable Software and Affected Versions** Roundcube Webmail versions 1.5.0 through 1.5.6 Roundcube Webmail versions 1.6.0 through 1.6.6 **Description** The issue is related to an incomplete fix for a previous problem and allows command injection via `im convert path` and `im identify path`. This can potentially allow a remote attacker to elevate their privileges. The problem exists because of insufficient data cleaning at the management level. **Recommendations** For Roundcube Webmail versions 1.5.0 through 1.5.6, update to version 1.5.7 or later. For Roundcube Webmail versions 1.6.0 through 1.6.6, update to version 1.6.7 or later. As a temporary workaround, consider restricting access to the `im convert path` and `im identify path` functions until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Zimbra Collaboration (ZCS) versions 8.8.15 through 9.0 **Description** An issue in Zimbra Collaboration allows for cross-site scripting (XSS) attacks. This can occur via one of the attributes of the webmail "/h/" endpoint, enabling the execution of arbitrary JavaScript code and leading to information disclosure. The vulnerability exists due to inadequate protection of the web page structure, which can be exploited by a remote attacker to conduct an XSS attack. **Recommendations** For Zimbra Collaboration (ZCS) versions 8.8.15 through 9.0, consider disabling access to the "/h/" endpoint as a temporary workaround until a patch is available. Restrict the use of attributes that can lead to XSS attacks in the webmail interface to minimize the risk of exploitation.

Name of the Vulnerable Software and Affected Versions: Roundcube Webmail versions prior to 1.5.7 and 1.6.x prior to 1.6.7 Description: The issue is related to a stored cross-site scripting vulnerability in the Roundcube webmail software, allowing an attacker to execute JavaScript code on the user's page. This vulnerability can be exploited by sending a malicious email to a user, which then executes the malicious code when the email is opened. The vulnerability is caused by improper filtering of SVG tags, specifically the `animate` attributes. It is reported that over 2.7 million services are potentially affected, and there have been real-world incidents where this issue was exploited to steal credentials and compromise emails. Recommendations: For versions prior to 1.5.7 and 1.6.x prior to 1.6.7, update to version 1.5.7 or 1.6.7 or later to resolve the issue. As a temporary workaround, consider disabling the use of SVG elements in emails until a patch is applied. Restrict access to the vulnerable Roundcube webmail software to minimize the risk of exploitation. Avoid using the `animate` attributes in SVG elements in emails until the issue is resolved.