THREAT OPS › CVEs › CVE-2020-35730
CVE-2020-35730 — Roundcube Webmail Cross-Site Scripting (XSS) Vulnerability
Roundcube Webmail contains a cross-site scripting (XSS) vulnerability that allows an attacker to send a plain text e-mail message with Javascript in a link reference element that is mishandled by linkref_addinindex in rcube_string_replacer.php.
Vulnerability details
- Affected productsRoundcube Webmail
- KEV remediation due2023-07-13