Staging Environment: Content and features may be unstable or change without notice.
Search for packages
Package details: pkg:deb/debian/roundcube@0.7.2-4?distro=trixie
purl pkg:deb/debian/roundcube@0.7.2-4?distro=trixie
Vulnerabilities affecting this package (0)
Vulnerability Summary Fixed by
This package is not known to be affected by vulnerabilities.
Vulnerabilities fixed by this package (2)
Vulnerability Summary Aliases
VCID-kch8-wrzv-bfdm Cross-site scripting (XSS) vulnerability in Roundcube Webmail 0.8.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the signature in an email. CVE-2012-4668
VCID-qfyq-umv5-e7h1 Cross-site scripting (XSS) vulnerability in program/lib/washtml.php in Roundcube Webmail 0.8.0 allows remote attackers to inject arbitrary web script or HTML by using "javascript:" in an href attribute in the body of an HTML-formatted email. CVE-2012-3508

Date Actor Action Vulnerability Source VulnerableCode Version
2026-04-16T11:54:37.809805+00:00 Debian Importer Fixing VCID-kch8-wrzv-bfdm https://security-tracker.debian.org/tracker/data/json 38.4.0
2026-04-16T11:38:15.391155+00:00 Debian Importer Fixing VCID-qfyq-umv5-e7h1 https://security-tracker.debian.org/tracker/data/json 38.4.0
2026-04-13T08:07:49.030451+00:00 Debian Importer Fixing VCID-kch8-wrzv-bfdm https://security-tracker.debian.org/tracker/data/json 38.3.0
2026-04-13T07:55:49.800417+00:00 Debian Importer Fixing VCID-qfyq-umv5-e7h1 https://security-tracker.debian.org/tracker/data/json 38.3.0
2026-04-03T07:52:06.687770+00:00 Debian Importer Fixing VCID-kch8-wrzv-bfdm https://security-tracker.debian.org/tracker/data/json 38.1.0
2026-04-03T07:52:06.640006+00:00 Debian Importer Fixing VCID-qfyq-umv5-e7h1 https://security-tracker.debian.org/tracker/data/json 38.1.0