Vulnerability Database

289,599

Total vulnerabilities in the database

CVE-2024-37383

Roundcube Webmail before 1.5.7 and 1.6.x before 1.6.7 allows XSS via SVG animate attributes.

  • Published: Jun 7, 2024
  • Updated: May 4, 2025
  • CVE: CVE-2024-37383
  • Severity: Medium
  • Exploit:

CVSS v3:

  • Severity: Medium
  • Score: 6.1
  • AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

CWEs:

OWASP TOP 10:

Software From Fixed in
roundcube / webmail - 1.5.7
roundcube / webmail 1.6.0 1.6.7
debian / debian_linux 10.0 10.0.x