Vulnerability Description
mod_css_styles in Roundcube through 1.5.7 and 1.6.x through 1.6.7 insufficiently filters Cascading Style Sheets (CSS) token sequences in rendered e-mail messages, allowing a remote attacker to obtain sensitive information.
CVSS Score
HIGH
Related Weaknesses (CWE)
References
- https://github.com/roundcube/roundcubemail/releases
- https://github.com/roundcube/roundcubemail/releases/tag/1.5.8
- https://github.com/roundcube/roundcubemail/releases/tag/1.6.8
- https://roundcube.net/news/2024/08/04/security-updates-1.6.8-and-1.5.8
- https://sonarsource.com/blog/government-emails-at-risk-critical-cross-site-scrip
FAQ
What is CVE-2024-42010?
CVE-2024-42010 is a vulnerability with a CVSS score of 7.5 (HIGH). mod_css_styles in Roundcube through 1.5.7 and 1.6.x through 1.6.7 insufficiently filters Cascading Style Sheets (CSS) token sequences in rendered e-mail messages, allowing a remote attacker to obtain ...
How severe is CVE-2024-42010?
CVE-2024-42010 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2024-42010?
Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.