Zazy

**Name of the Vulnerable Software and Affected Versions** Roundcube Webmail versions 1.6.x prior to 1.6.16 Roundcube Webmail versions 1.7.x prior to 1.7.1 **Description** A pre-authentication SQL injection exists in the `virtuser query` plugin. The issue stems from a backslash escape bypass within the `preg replace()` function, which fails to properly protect the SQL query structure. This allows a remote attacker to impact the confidentiality, integrity, and availability of the protected information. **Recommendations** Update to version 1.6.16 for versions 1.6.x. Update to version 1.7.1 for versions 1.7.x.

**Name of the Vulnerable Software and Affected Versions** Roundcube Webmail versions 1.6.14 through 1.6.16 Roundcube Webmail versions prior to 1.7.1 **Description** Insufficient Cascading Style Sheets (CSS) sanitization in HTML e-mail messages may lead to Server-Side Request Forgery (SSRF), where an attacker induces the server to make requests to an unintended location, or Information Disclosure. This occurs if stylesheet links point to local network hosts. **Recommendations** Update to version 1.6.16-2.1 for versions 1.6.14 through 1.6.16. Update to version 1.7.1 for versions prior to 1.7.1.

**Name of the Vulnerable Software and Affected Versions** Roundcube Webmail versions 1.6.x through 1.6.15 Roundcube Webmail versions 1.7.x through 1.7.0 **Description** Insecure code evaluation logic exists within the LDAP `autovalues` option, which could lead to code injection. **Recommendations** Update to version 1.6.16 for the 1.6.x branch. Update to version 1.7.1 for the 1.7.x branch.

**Name of the Vulnerable Software and Affected Versions** Roundcube Webmail versions 1.6.14 through 1.6.16 Roundcube Webmail versions prior to 1.7.1 **Description** Remote image blocking is not honored for URLs pointing to local or private destinations. This issue can be triggered via a text/html email message, potentially leading to information disclosure or privilege escalation. **Recommendations** Update versions 1.6.14 through 1.6.16 to a patched release. Update versions prior to 1.7.1 to version 1.7.1.

**Name of the Vulnerable Software and Affected Versions** Roundcube Webmail versions 1.6.x through 1.6.15 Roundcube Webmail versions 1.7.x through 1.7.0 **Description** An issue allows pre-authentication arbitrary file deletion through a session poisoning bypass when using redis or memcache. Session poisoning is a technique where an attacker manipulates session data to deceive the application into granting unauthorized access or performing unintended actions. **Recommendations** Update versions 1.6.x to 1.6.16. Update versions 1.7.x to 1.7.1.

**Name of the Vulnerable Software and Affected Versions** Roundcube Webmail versions 1.6.0 through 1.6.15 Roundcube Webmail versions 1.7.0 through 1.7.0 **Description** An unsanitized subject field in the draft restored value allows for stored Cross-Site Scripting (XSS), HTML, and CSS injection on shared mailboxes. This occurs when the application fails to properly clean the input in the subject field during the restoration of a draft. **Recommendations** Update to version 1.6.16 for versions in the 1.6.x branch. Update to version 1.7.1 for versions in the 1.7.x branch.