THREATOPS
THREAT OPSCVEs › CVE-2020-35730

CVE-2020-35730 — Roundcube Webmail Cross-Site Scripting (XSS) Vulnerability

CISA KEVExploited: confirmedRoundcube

Roundcube Webmail contains a cross-site scripting (XSS) vulnerability that allows an attacker to send a plain text e-mail message with Javascript in a link reference element that is mishandled by linkref_addinindex in rcube_string_replacer.php.

Vulnerability details