CVE-2020-35730

216.73.217.22

· Published 22/06/2023 02:00 · Modified 21/12/2025 14:15 · Author: Cybersecurity and Infrastructure Security Agency

Labels: CVE-2020-35730

Essential information

Published: 22/06/2023 02:00
Modified: 21/12/2025 14:15
Author: Cybersecurity and Infrastructure Security Agency
Creator: Cybersecurity and Infrastructure Security Agency
CISA KEV: Yes
CWE: —
CVSS vector

Description

Roundcube Webmail contains a cross-site scripting (XSS) vulnerability that allows an attacker to send a plain text e-mail message with Javascript in a link reference element that is mishandled by linkref_addinindex in rcube_string_replacer.php.

NVD status

NVD: View on NVD