diff options
author | Salvatore Bonaccorso <carnil@debian.org> | 2020-07-06 07:57:58 +0200 |
---|---|---|
committer | Salvatore Bonaccorso <carnil@debian.org> | 2020-07-06 07:57:58 +0200 |
commit | 535aca8edce062ad6fce124fa0713f506057efb8 (patch) | |
tree | 94c6842a2103bc8a0ae3ea6efd930a1571a02a3b /data/CVE | |
parent | 143637ad98af1ad90676151ed8b35eb7fc6c26d0 (diff) |
Add new roundcube issue
Diffstat (limited to 'data/CVE')
-rw-r--r-- | data/CVE/list | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/data/CVE/list b/data/CVE/list index 4d08302673..e28eab4f15 100644 --- a/data/CVE/list +++ b/data/CVE/list @@ -1,3 +1,8 @@ +CVE-2020-XXXX [Cross-Site Scripting (XSS) vulnerability via HTML messages with malicious svg/namespace] + - roundcube 1.4.7+dfsg.1-1 (bug #964355) + NOTE: 1.4.x https://github.com/roundcube/roundcubemail/commit/3e8832d029b035e3fcfb4c75839567a9580b4f82 + NOTE: 1.3.x https://github.com/roundcube/roundcubemail/commit/19502419757a976dbd55ce5a746610c5bab7896b + NOTE: 1.2.x https://github.com/roundcube/roundcubemail/commit/f3d1566cf223eb04f47b6dfffcd88753f66c36ee CVE-2020-15540 (We-com OpenData CMS 2.0 allows SQL Injection via the username field on ...) TODO: check CVE-2020-15539 (SQL injection can occur in We-com Municipality portal CMS 2.1.x via th ...) |