Articles in this section

See more

CVE-2021-44025 and CVE-2021-44026: RoundCube vulnerabilities

Avatar
Anastasia Zyrianova
Updated
Follow
Plesk for Linux kb: technical

Applicable to:

  • Plesk for Linux

Situation

Vulnerabilities CVE-2021-44025 and CVE-2021-44026 were discovered in Roundcube.

Impact

Roundcube before 1.3.17 and 1.4.x before 1.4.12 is prone to XSS in handling an attachment's filename extension when displaying a MIME type warning message.

Roundcube before 1.3.17 and 1.4.x before 1.4.12 is prone to a potential SQL injection via search or search_params.

Call to Action

The vulnerability was fixed and shipped in Plesk Obsidian 18.0.40 #1. Consider updating the Plesk server as per the following article.

Comments

0 comments

Please sign in to leave a comment.

Have more questions? Submit a request

Related articles