CVE-2024-37383
Roundcube Webmail before 1.5.7 and 1.6.x before 1.6.7 allows XSS via SVG animate attributes.
| Software | From | Fixed in |
|---|---|---|
| roundcube / webmail | - | 1.5.7 |
| roundcube / webmail | 1.6.0 | 1.6.7 |
| debian / debian_linux | 10.0 | 10.0.x |
- https://github.com/roundcube/roundcubemail/commit/43aaaa528646877789ec028d87924ba1accf5242
- https://github.com/roundcube/roundcubemail/releases/tag/1.5.7
- https://github.com/roundcube/roundcubemail/releases/tag/1.6.7
- https://lists.debian.org/debian-lts-announce/2024/06/msg00008.html
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-37383
Deep Security Visibility Without the Complexity
SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.
- No setup fees
- 5-min deployment
- Cancel anytime