skyllpro

3 exploits Active since Dec 2020
CVE-2023-43770 NOMISEC MEDIUM WORKING POC
Roundcube <1.4.14, <1.5.4, <1.6.3 - XSS
Roundcube before 1.4.14, 1.5.x before 1.5.4, and 1.6.x before 1.6.3 allows XSS via text/plain e-mail messages with crafted links because of program/lib/Roundcube/rcube_string_replacer.php behavior.
CVSS 6.1
CVE-2021-44026 NOMISEC CRITICAL WORKING POC
Roundcube Webmail < 1.3.17 - SQL Injection
Roundcube before 1.3.17 and 1.4.x before 1.4.12 is prone to a potential SQL injection via search or search_params.
CVSS 9.8
CVE-2020-35730 NOMISEC MEDIUM WORKING POC
Roundcube Webmail < 1.2.13 - XSS
An XSS issue was discovered in Roundcube Webmail before 1.2.13, 1.3.x before 1.3.16, and 1.4.x before 1.4.10. The attacker can send a plain text e-mail message, with JavaScript in a link reference element that is mishandled by linkref_addindex in rcube_string_replacer.php.
CVSS 6.1