ГлавнаяУязвимости → CVE-2026-48848
7.2высокая

CVE-2026-48848

Описание

Roundcube Webmail 1.6.x before 1.6.16 and 1.7.x before 1.7 has insufficient HTML sanitization that could lead to Cascading Style Sheets (CSS) injection via an SVG document that has an animate element with the attributeName attribute.

CVSS
Балл7.2 — высокая
ВекторCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
Источники
https://github.com/roundcube/roundcubemail/commit/58e5263f341e6a418774fb6d2643669a3c4d8a27https://github.com/roundcube/roundcubemail/commit/c960d102472dc579e15907d5bcdc3103a090ccf9https://github.com/roundcube/roundcubemail/releases/tag/1.6.16https://github.com/roundcube/roundcubemail/releases/tag/1.7.1https://roundcube.net/news/2026/05/24/security-updates-1.6.16-and-1.7.1