CERT Polska and nullcathedral discovered that roundcube, a skinnable AJAX based webmail solution for IMAP servers, did not correctly process and sanitize requests. This would allow an attacker to perform CSS injection attacks, or leak sensitive information. For the oldstable distribution (bookworm), these problems have been fixed
Source: https://linuxsecurity.com/advisories/de ... 2026-25916
Debian Roundcube Important CSS Injection Threat DSA-6137-1 CVE-2026-25916
Who is online
Users browsing this forum: No registered users and 0 guests