QID 730959

Roundcube Webmail is a browser-based multilingual IMAP client with an application-like user interface. It provides functionality such as MIME support, address book, folder management, message searching and spell checking.

This vulnerability exists in the program/lib/Roundcube/rcube_washtml.php source file that handles SVG Documents due to improper sanitization of user supplied input. An unauthenticated, remote attacker exploit this vulnerability by transmitting malicious emails containing a crafted SVG document to load arbitrary JavaScript code. Successful exploitation could allow the attacker to execute arbitrary JavaScript code.

Affected versions:
Roundcube Webmail prior to 1.4.15
Roundcube Webmail 1.5.x before 1.5.5
Roundcube Webmail 1.6.x before 1.6.4

Detection Logic:
This QID detects versions of Roundcube to determine if a particular version is vulnerable.

NOTE: This vulnerability is a part of the CISA Known Exploited Vulnerabilities Catalog since the Winter Vivern APT group has been known to exploit this vulnerability.

Successful exploitation could allow an unauthenticated, remote attacker to execute arbitrary JavaScript code in the context of the interface or allow the attacker to access sensitive, browser-based information.