[Bug 1228900] VUL-0: CVE-2024-42009: A Cross-Site Scripting vulnerability in Roundcube through 1.5.7 and 1.6.x through 1.6.7 allows a remote attacker to steal and send emails of a victim via a crafted e-mail message that abuses a Desanitization issue in message_bo ...

https://bugzilla.suse.com/show_bug.cgi?id=1228900 https://bugzilla.suse.com/show_bug.cgi?id=1228900#c3 --- Comment #3 from Marcus Meissner <meissner@suse.com> --- openSUSE-SU-2024:0328-1: An update that fixes three vulnerabilities is now available. Category: security (moderate) Bug References: 1228900,1228901 CVE References: CVE-2024-42008,CVE-2024-42009,CVE-2024-42010 JIRA References: Sources used: openSUSE Backports SLE-15-SP6 (src): roundcubemail-1.6.8-bp156.2.3.1 openSUSE Backports SLE-15-SP5 (src): roundcubemail-1.6.8-bp155.2.12.1 -- You are receiving this mail because: You are on the CC list for the bug.