CNNVD-202512-3717 Information

CNNVD ID

CNNVD-202512-3717

CVE-2025-68461

  • CNNVD Published: 2025-12-18

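Description (translated from Chinese)

Roundcube Webmail is an open-source, browser-based IMAP client from Roundcube that supports address book management, message search, spell checking, and more. Roundcube Webmail versions before 1.5.12 and 1.6 versions before 1.6.12 contain a cross-site scripting vulnerability. The vulnerability stems from the animate tag in SVG documents, which can lead to cross-site scripting attacks.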

Description (English)

Roundcube Webmail is an open-source, browser-based IMAP client that supports address book management, information search, spell checking, etc. Roundcube Webmail before 1.5.12 and 1.6 before 1.6.12 has a cross-site scripting vulnerability that originates from the animate tag in SVG documents, which may result in cross-site scripting attacks.

Hazard Level

Medium

Vulnerability Type

Cross-site scripting

Affected Vendor

Roundcube

Published

2025-12-18

Last Modified

2026-02-24

References

https://github.com/roundcube/roundcubemail/commit/bfa032631c36b900e7444dfa278340b33cbf7cdb

https://roundcube.net/news/2025/12/13/security-updates-1.6.12-and-1.5.12

Patch

https://roundcube.net/download/
