CVE-2024-42008
Aug. 5, 2024, 7:15 p.m.
Tags
Product(s) Impacted
Roundcube
- 1.5.7
- 1.6.x - 1.6.7
Description
A Cross-Site Scripting vulnerability in rcmail_action_mail_get->run() in Roundcube through 1.5.7 and 1.6.x through 1.6.7 allows a remote attacker to steal and send emails of a victim via a malicious e-mail attachment served with a dangerous Content-Type header.
Weaknesses
Date
Published: Aug. 5, 2024, 7:15 p.m.
Last Modified: Aug. 5, 2024, 7:15 p.m.
Status : Received
CVE has been recently published to the CVE List and has been received by the NVD.
More infoSource
cve@mitre.org
References
https://github.com/
cve@mitre.org
https://github.com/
cve@mitre.org
https://github.com/
cve@mitre.org
https://roundcube.net/
cve@mitre.org
https://sonarsource.com/
cve@mitre.org