CVE-2020-12625

CVSS v3.1

6.1

Medium

Vector

AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions Roundcube Webmail versions prior to 1.4.4

Description The issue is related to a cross-site scripting (XSS) vulnerability in the rcube washtml.php file of Roundcube Webmail. This vulnerability occurs because JavaScript code can be present in the CDATA of an HTML message, allowing for potential exploitation. The vulnerability may allow a remote attacker to impact data integrity.

Recommendations For versions prior to 1.4.4, update to version 1.4.4 or later to resolve the issue. As a temporary workaround, consider disabling the rcube washtml.php file until a patch is available. Restrict access to the vulnerable rcube washtml.php file to minimize the risk of exploitation.

Exploit

Fix

XSS

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-79

Related Identifiers

ALT-PU-2019-2818

ALT-PU-2019-2946

ALT-PU-2019-3109

ALT-PU-2020-1898

ALT-PU-2020-2097

ALT-PU-2020-2319

ALT-PU-2020-2367

ALT-PU-2020-2518

ALT-PU-2020-2554

ALT-PU-2020-3561

ALT-PU-2020-3566

ALT-PU-2021-3558

ALT-PU-2022-1073

ALT-PU-2025-1825

ALT-PU-2025-8283

BDU:2020-03992

BIT-ROUNDCUBE-2020-12625

CVE-2020-12625

DSA-4674-1

MGASA-2020-0206

OPENSUSE-SU-2020:1516-1

OPENSUSE-SU-2020_1516-1

USN-5182-1

Affected Products

Alt Linux

Linuxmint

Roundcube Webmail

Suse

Ubuntu

CVE-2020-12625

Weakness Enumeration

Related Identifiers

Affected Products

References · 60