Threat Advisories - NVD Disclosed December 28, 2020

CVE-2020-35730

Roundcube Webmail Cross-Site Scripting Vulnerability.

Halo Surface Signal: 5 out of 5 — more likely to be public-facing.

A vulnerability in Roundcube Webmail can allow attackers to execute scripts, affecting user sessions and potentially leading to unauthorized actions or data exposure. Organizations using affected versions should apply vendor updates.

NVD published: December 28, 2020 • CISA KEV