CVE-2020-35730

Roundcube Webmail Cross-Site Scripting (XSS) Vulnerability

Roundcube Webmail contains a cross-site scripting (XSS) vulnerability that allows an attacker to send a plain text e-mail message with Javascript in a link reference element that is mishandled by linkref_addinindex in rcube_string_replacer.php. Vendor/Product: Roundcube Roundcube Webmail. Added to CISA KEV 2023-06-22; required action: Apply updates per vendor instructions.

Category: Vulnerability, Known Exploited

Reference: NVD CVE-2020-35730