PT-2024-41052 · Unknown · Roundcube Webmail

Published: 2024-05-25 · Updated: 2024-05-25

None

No severity ratings or metrics are available. When they are, we'll update the corresponding info on the page.
Name of the Vulnerable Software and Affected Versions

Roundcube Webmail versions 1.6.x
Description

This entry covers several security problems, including cross-site scripting (XSS) vulnerabilities in the handling of SVG animate attributes and of list columns from user preferences, as well as a command injection vulnerability via a crafted im_convert_path/im_identify_path on Windows. These vulnerabilities were reported by Valentin T. and Lutz Wolf of CrowdStrike, and Huy Nguyễn Phạm Nhật.
Recommendations

For Roundcube Webmail version 1.6.x, update to the latest stable version 1.6 to resolve the issues. Before updating, be sure to back up your data.

Related Identifiers

MGASA-2024-0193

Affected Products

Roundcube Webmail