Back to CVE List

CVE-2026-48848

HIGH SEVERITY

CVSS Score & Metrics

Base Score
7.2 / 10
Vector String
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N

Vulnerability Description

Roundcube Webmail 1.6.x before 1.6.16 and 1.7.x before 1.7 has insufficient HTML sanitization that could lead to Cascading Style Sheets (CSS) injection via an SVG document that has an animate element with the attributeName attribute.

Vulnerability Details

Published Date
Last Modified
CWE ID
CWE-79
Source
NVD
Vendor
Roundcube
Product
Webmail

External References

Discussion (0)

Add Comment

No comments yet. Be the first!