CVE-2024-57004

Name of the Vulnerable Software and Affected Versions Roundcube Webmail version 1.6.9

Description The issue allows remote authenticated users to upload a malicious file as an email attachment. This leads to the triggering of a Cross-Site Scripting (XSS) attack when the SENT session is visited.

Recommendations For Roundcube Webmail version 1.6.9, consider disabling the file upload feature for email attachments until a patch is available. Restrict access to the SENT session to minimize the risk of exploitation. Avoid using the email attachment feature in the affected version until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.