PT-2018-13712 · Roundcube · Roundcube Rcfilters Plugin

Fahimeh Rezaei · Published 2018-09-09 · Updated 2018-11-06 · CVE-2018-16736

CVSS v3.1: 5.4 (Medium)

Vector: AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions: Roundcube rcfilters plugin version 2.1.6

Description: The issue exists in the Filters section of the settings, where XSS can be triggered via the whatfilter and messages parameters.

Recommendations: For Roundcube rcfilters plugin version 2.1.6, avoid using the whatfilter and messages parameters in the Filters section of the settings until the issue is resolved. As a temporary workaround, consider restricting access to the Filters section to minimize the risk of exploitation.

Exploit

Fix

XSS

Weakness Enumeration

Related Identifiers

CVE-2018-16736

Affected Products

Roundcube Rcfilters Plugin