{"id":"CVE-2020-18671","details":"Cross Site Scripting (XSS) vulnerability in Roundcube Mail \u003c=1.4.4 via smtp config in /installer/test.php.","aliases":["BIT-roundcube-2020-18671"],"modified":"2026-03-20T11:35:02.990074Z","published":"2021-06-24T19:15:08.267Z","related":["openSUSE-SU-2021:0931-1","openSUSE-SU-2021:0942-1","openSUSE-SU-2021:0943-1","openSUSE-SU-2021:0959-1","openSUSE-SU-2021:0974-1","openSUSE-SU-2021:1014-1"],"references":[{"type":"FIX","url":"https://github.com/roundcube/roundcubemail/issues/7406"},{"type":"FIX","url":"https://roundcube.net/news/2020/06/02/security-updates-1.4.5-and-1.3.12"},{"type":"EVIDENCE","url":"https://lorexxar.cn/2020/06/10/roundcube-mail-xss/#store-xss-in-smtp-config"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/roundcube/roundcubemail","events":[{"introduced":"0"},{"last_affected":"aadb13e25f73d783f731a99f9b9c2ea43bb10c79"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"1.4.4"}]}}],"versions":["1.1-beta","1.1-rc","1.1.0","1.2-beta","1.2-rc","1.3-beta","1.4-beta","1.4-rc1","1.4-rc2","1.4.0","1.4.1","1.4.2","1.4.3","1.4.4","v0.1-beta2","v1.0-beta"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2020-18671.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"}]}