FKIE_CVE-2013-5645

Vulnerability from fkie_nvd - Published: 2013-08-29 12:07 - Updated: 2025-04-11 00:51
Severity ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in Roundcube webmail before 0.9.3 allow user-assisted remote attackers to inject arbitrary web script or HTML via the body of a message visited in (1) new or (2) draft mode, related to compose.inc; and (3) might allow remote authenticated users to inject arbitrary web script or HTML via an HTML signature, related to save_identity.inc.
References
cve@mitre.orghttp://lists.opensuse.org/opensuse-updates/2013-09/msg00018.html
cve@mitre.orghttp://trac.roundcube.net/changeset/93b0a30c1c8aa29d862b587b31e52bcc344b8d16/githubExploit, Patch
cve@mitre.orghttp://trac.roundcube.net/changeset/ce5a6496fd6039962ba7424d153278e41ae8761b/githubExploit, Patch
cve@mitre.orghttp://trac.roundcube.net/ticket/1489251
cve@mitre.orghttp://trac.roundcube.net/wiki/Changelog#RELEASE0.9.3
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-updates/2013-09/msg00018.html
af854a3a-2127-422b-91ae-364da2661108http://trac.roundcube.net/changeset/93b0a30c1c8aa29d862b587b31e52bcc344b8d16/githubExploit, Patch
af854a3a-2127-422b-91ae-364da2661108http://trac.roundcube.net/changeset/ce5a6496fd6039962ba7424d153278e41ae8761b/githubExploit, Patch
af854a3a-2127-422b-91ae-364da2661108http://trac.roundcube.net/ticket/1489251
af854a3a-2127-422b-91ae-364da2661108http://trac.roundcube.net/wiki/Changelog#RELEASE0.9.3
Impacted products
Vendor Product Version
roundcube webmail *
roundcube webmail 0.1
roundcube webmail 0.1
roundcube webmail 0.1
roundcube webmail 0.1
roundcube webmail 0.1
roundcube webmail 0.1
roundcube webmail 0.1
roundcube webmail 0.1
roundcube webmail 0.1
roundcube webmail 0.1
roundcube webmail 0.1
roundcube webmail 0.1.1
roundcube webmail 0.2
roundcube webmail 0.2
roundcube webmail 0.2
roundcube webmail 0.2
roundcube webmail 0.2.1
roundcube webmail 0.2.2
roundcube webmail 0.3
roundcube webmail 0.3
roundcube webmail 0.3
roundcube webmail 0.3
roundcube webmail 0.3.1
roundcube webmail 0.4
roundcube webmail 0.4
roundcube webmail 0.4.1
roundcube webmail 0.4.2
roundcube webmail 0.5
roundcube webmail 0.5
roundcube webmail 0.5
roundcube webmail 0.5.1
roundcube webmail 0.5.2
roundcube webmail 0.5.3
roundcube webmail 0.5.4
roundcube webmail 0.6
roundcube webmail 0.7
roundcube webmail 0.7.1
roundcube webmail 0.7.2
roundcube webmail 0.7.3
roundcube webmail 0.8.0
roundcube webmail 0.8.1
roundcube webmail 0.8.2
roundcube webmail 0.8.3
roundcube webmail 0.8.4
roundcube webmail 0.8.5
roundcube webmail 0.8.6
roundcube webmail 0.9
roundcube webmail 0.9
roundcube webmail 0.9
roundcube webmail 0.9.0
roundcube webmail 0.9.1
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:roundcube:webmail:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E505F998-E9E8-4827-B34A-953261157522",
              "versionEndIncluding": "0.9.2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:roundcube:webmail:0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "4C785B00-7F4D-4EBD-A9FA-726D4D35E5D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:roundcube:webmail:0.1:20050811:*:*:*:*:*:*",
              "matchCriteriaId": "6E525B8F-ED49-494A-A9C1-CCFFDCFAAA11",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:roundcube:webmail:0.1:20050820:*:*:*:*:*:*",
              "matchCriteriaId": "A9C38F5E-A79B-45F4-AD0C-894DE7ADD8EE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:roundcube:webmail:0.1:20051007:*:*:*:*:*:*",
              "matchCriteriaId": "8BDB7224-1922-41BC-82F1-187DEEEE60DA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:roundcube:webmail:0.1:20051021:*:*:*:*:*:*",
              "matchCriteriaId": "9019C121-5D96-4967-92FA-AA63FAD40435",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:roundcube:webmail:0.1:alpha:*:*:*:*:*:*",
              "matchCriteriaId": "8F433741-5F73-43B5-A522-C484C64C66A7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:roundcube:webmail:0.1:beta:*:*:*:*:*:*",
              "matchCriteriaId": "09DF755B-041E-4A61-BEF6-A613F6F0CE13",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:roundcube:webmail:0.1:beta2:*:*:*:*:*:*",
              "matchCriteriaId": "34D20437-7DE7-4DB8-8C11-37B09A87E3A4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:roundcube:webmail:0.1:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "55FB4AA3-3528-46B7-BBB9-9185DAA5425C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:roundcube:webmail:0.1:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "066AA2BC-95A8-43E8-A1FE-9F15860691E1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:roundcube:webmail:0.1:stable:*:*:*:*:*:*",
              "matchCriteriaId": "BADA5A07-C90D-4000-A973-0A918E390D5F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:roundcube:webmail:0.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "82FB886B-35A4-4A8C-AE18-62C845886018",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:roundcube:webmail:0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "83FF6973-9BAC-4DF2-BACE-42F0D9340A27",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:roundcube:webmail:0.2:alpha:*:*:*:*:*:*",
              "matchCriteriaId": "EB6449FD-C6EE-497C-BE34-88900883AD09",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:roundcube:webmail:0.2:beta:*:*:*:*:*:*",
              "matchCriteriaId": "0CEF8BF6-E09F-4376-B089-9B722A84F591",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:roundcube:webmail:0.2:stable:*:*:*:*:*:*",
              "matchCriteriaId": "84126D1E-F709-4F23-A541-B92B6ED01D3D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:roundcube:webmail:0.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "946B0B6A-46D3-46B9-BD1E-B03D3339EEB3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:roundcube:webmail:0.2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "0D572A44-701A-4D6F-919F-AB8AE4BF4417",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:roundcube:webmail:0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "D4D6EA96-EE58-47C3-B545-7238B3F64941",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:roundcube:webmail:0.3:beta:*:*:*:*:*:*",
              "matchCriteriaId": "3584BB62-818D-4A5B-BC7D-EAB0B85614EA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:roundcube:webmail:0.3:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "332FF744-3682-4818-9602-8F868BF0781E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:roundcube:webmail:0.3:stable:*:*:*:*:*:*",
              "matchCriteriaId": "141BFB80-F895-482C-B2ED-A6FB9135EA9B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:roundcube:webmail:0.3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "2B502047-4DDD-4586-978C-6CEE1C41F923",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:roundcube:webmail:0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "43581564-48CF-410C-9CE1-CBAE71153DA5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:roundcube:webmail:0.4:beta:*:*:*:*:*:*",
              "matchCriteriaId": "6A5CC548-05E4-4059-8252-FA78ECBB95A0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:roundcube:webmail:0.4.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "C3FA495A-D7FE-4461-AF57-EB649A1C49B6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:roundcube:webmail:0.4.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "2D773E61-113A-4EE8-804E-0584B73AB58D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:roundcube:webmail:0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "B276CD07-EB81-4C59-B0E8-83E43EAAB005",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:roundcube:webmail:0.5:beta:*:*:*:*:*:*",
              "matchCriteriaId": "FC0D4825-F78E-40F5-A9CB-45B73DE8FBD4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:roundcube:webmail:0.5:rc:*:*:*:*:*:*",
              "matchCriteriaId": "9C8376B9-4DF2-4E23-9C43-EEDE3D800519",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:roundcube:webmail:0.5.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "08BC43EB-D26F-48D7-A614-76FAEC07DB82",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:roundcube:webmail:0.5.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "1E653FFD-AA00-4F30-B844-85AFA5A5A31B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:roundcube:webmail:0.5.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "BBA46B2E-0FEA-4B17-8E72-381656E07349",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:roundcube:webmail:0.5.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "C1DC5945-5C18-40F2-AC79-32FF740A7F61",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:roundcube:webmail:0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "B6230C0E-D3A2-4A2E-B6F1-E0695F6E8802",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:roundcube:webmail:0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "589AFC14-DC69-4B0B-B22B-74A8B40D63E8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:roundcube:webmail:0.7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "13A61889-D3B2-46A4-A9A8-60136F8A490B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:roundcube:webmail:0.7.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "A1BDB491-F3CF-4C83-ABED-0C615B83D0E5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:roundcube:webmail:0.7.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "DCD7759D-4C21-4EC5-A150-C717B71D5F12",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:roundcube:webmail:0.8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "04DC85A0-F2AB-4A89-A3B9-853BAB1E0CD4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:roundcube:webmail:0.8.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "CF5C1C76-D1A6-4E22-AE50-8AE587F83AAE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:roundcube:webmail:0.8.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "594EE4E3-9618-4E3C-8278-7782034184F9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:roundcube:webmail:0.8.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "607FF56D-EB06-434B-925F-D83763F4555B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:roundcube:webmail:0.8.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "DEC9286A-9537-4F18-8C73-61DE4506583B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:roundcube:webmail:0.8.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "4711358C-B12B-4B48-9AF8-49C8298BA451",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:roundcube:webmail:0.8.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "EA19760B-BA10-4B5B-9DAB-FCC3D6EC40A6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:roundcube:webmail:0.9:beta:*:*:*:*:*:*",
              "matchCriteriaId": "FCE48787-9394-4572-AEBD-F6541D7C2AC1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:roundcube:webmail:0.9:rc:*:*:*:*:*:*",
              "matchCriteriaId": "04B18A6B-3ADB-4014-8244-424577362E3D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:roundcube:webmail:0.9:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "7A50C2A4-D2BE-4899-B5A8-838583119FEC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:roundcube:webmail:0.9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "BC5F6ADA-C532-4FC6-87CA-9DB3533FF71C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:roundcube:webmail:0.9.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "C61C6AD6-3DB5-483C-83E8-CDFF74BF39A3",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Multiple cross-site scripting (XSS) vulnerabilities in Roundcube webmail before 0.9.3 allow user-assisted remote attackers to inject arbitrary web script or HTML via the body of a message visited in (1) new or (2) draft mode, related to compose.inc; and (3) might allow remote authenticated users to inject arbitrary web script or HTML via an HTML signature, related to save_identity.inc."
    },
    {
      "lang": "es",
      "value": "M\u00faltiples vulnerabilidades de cross-site scripting (XSS) en Roundcube webmail anterior a v0.9.3, permite a atacantes remotos asistidos por el usuario inyectar secuencias de comandos web o HTML a trav\u00e9s del cuerpo de un mensaje visit\u00f3 en el modo (1) \"new\" o (2) \"draft\", relacionado con compose.inc; y (3), permite a atacantes remotos inyectar secuencias de comandos web o HTML a trav\u00e9s de una firma HTML, relacionada con save_identity.inc."
    }
  ],
  "id": "CVE-2013-5645",
  "lastModified": "2025-04-11T00:51:21.963",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2013-08-29T12:07:56.147",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://lists.opensuse.org/opensuse-updates/2013-09/msg00018.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Patch"
      ],
      "url": "http://trac.roundcube.net/changeset/93b0a30c1c8aa29d862b587b31e52bcc344b8d16/github"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Patch"
      ],
      "url": "http://trac.roundcube.net/changeset/ce5a6496fd6039962ba7424d153278e41ae8761b/github"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://trac.roundcube.net/ticket/1489251"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://trac.roundcube.net/wiki/Changelog#RELEASE0.9.3"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.opensuse.org/opensuse-updates/2013-09/msg00018.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Patch"
      ],
      "url": "http://trac.roundcube.net/changeset/93b0a30c1c8aa29d862b587b31e52bcc344b8d16/github"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Patch"
      ],
      "url": "http://trac.roundcube.net/changeset/ce5a6496fd6039962ba7424d153278e41ae8761b/github"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://trac.roundcube.net/ticket/1489251"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://trac.roundcube.net/wiki/Changelog#RELEASE0.9.3"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.