What the vulnerability does
01Description
Roundcube 1.5.x before 1.5.6 and 1.6.x before 1.6.5 allows XSS via a Content-Type or Content-Disposition header (used for attachment preview or download).
CVSS base score
CVSS vector
CVSS:3.1/AC:L/AV:N/A:N/C:L/I:L/PR:N/S:C/UI:R
What the vulnerability does
Roundcube 1.5.x before 1.5.6 and 1.6.x before 1.6.5 allows XSS via a Content-Type or Content-Disposition header (used for attachment preview or download).
Key dates
External resources