CVE-2024-37384
Published: 7 June 2024
Roundcube Webmail before 1.5.7 and 1.6.x before 1.6.7 allows XSS via list columns from user preferences.
Priority
Status
Package | Release | Status |
---|---|---|
roundcube (Launchpad, Ubuntu, Debian) | bionic | Released (1.3.6+dfsg.1-1ubuntu0.1~esm4), available with Ubuntu Pro |
roundcube | focal | Released (1.4.3+dfsg.1-1ubuntu0.1~esm4), available with Ubuntu Pro |
roundcube | jammy | Released (1.5.0+dfsg.1-2ubuntu0.1~esm3), available with Ubuntu Pro |
roundcube | mantic | Released (1.6.2+dfsg-1ubuntu0.2) |
roundcube | noble | Not vulnerable (1.6.6+dfsg-2) |
roundcube | upstream | Released (1.6.7+dfsg-1) |
roundcube | xenial | Released (1.2~beta+dfsg.1-0ubuntu1+esm4), available with Ubuntu Pro |
References
- https://www.cve.org/CVERecord?id=CVE-2024-37384
- https://github.com/roundcube/roundcubemail/commit/9ca8aa6680c579132e0d1fa59447df8d524ec91c
- https://github.com/roundcube/roundcubemail/releases/tag/1.6.7
- https://github.com/roundcube/roundcubemail/releases/tag/1.5.7
- https://github.com/roundcube/roundcubemail/commit/cde4522c5c95f13c6aeeb1600ab17e5067a536f7
- https://ubuntu.com/security/notices/USN-6848-1
- NVD
- Launchpad
- Debian