All intelligence
// vulnerability record
cached · NVD via COSMOS syncCVE-2020-35730
NONEKEVpublish date unavailable
CVSS / 10
// description
Roundcube Webmail contains a cross-site scripting (XSS) vulnerability that allows an attacker to send a plain text e-mail message with Javascript in a link reference element that is mishandled by linkref_addinindex in rcube_string_replacer.php.
// required action (CISA KEV)
Apply updates per vendor instructions.
added 2023-06-22 00:00 UTC