← ExploitWatch
HomeExploited Vulnerabilities

CVE-2020-35730 — Actively Exploited: Roundcube Webmail (Roundcube)

Roundcube Webmail contains a cross-site scripting (XSS) vulnerability that allows an attacker to send a plain text e-mail message with Javascript in a link reference element that is mishandled by linkref_addinindex in rcube_string_replacer.php.

CVE IDCVE-2020-35730
VendorRoundcube
ProductRoundcube Webmail
Vulnerability nameRoundcube Webmail Cross-Site Scripting (XSS) Vulnerability
Date added2023-06-22
Remediation due2023-07-13
Known ransomware useUnknown
Required actionApply updates per vendor instructions.
DescriptionRoundcube Webmail contains a cross-site scripting (XSS) vulnerability that allows an attacker to send a plain text e-mail message with Javascript in a link reference element that is mishandled by linkref_addinindex in rcube_string_replacer.php.
SourceCISA Known Exploited Vulnerabilities

🔍 Search all exploited vulnerabilities →