{"affected":[{"ecosystem_specific":{"binaries":[{"roundcubemail":"1.3.16-bp152.4.18.1"}]},"package":{"ecosystem":"SUSE:Package Hub 15 SP2","name":"roundcubemail","purl":"pkg:rpm/suse/roundcubemail&distro=SUSE%20Package%20Hub%2015%20SP2"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"1.3.16-bp152.4.18.1"}],"type":"ECOSYSTEM"}]}],"aliases":[],"details":"This update for roundcubemail fixes the following issues:\n\nUpgrade to version 1.3.16\n\nThis is a security update to the LTS version 1.3.\n\nIt fixes a recently reported stored cross-site scripting (XSS)\nvulnerability via HTML or plain text messages with malicious content.\n\nReferences:\n\n- CVE-2020-18670: Cross Site Scripting (XSS) vulnerability via database host and user in /installer/test.php (boo#1187707)\n- CVE-2020-18671: Cross Site Scripting (XSS) vulnerability via smtp config in /installer/test.php (boo#1187706)\n- CVE-2020-35730: cross-site scripting (XSS) vulnerability via HTML or plain text messages with malicious content (boo#1180399)\n\nThis update was imported from the openSUSE:Leap:15.2:Update update project.","id":"openSUSE-SU-2021:1014-1","modified":"2021-07-09T12:07:08Z","published":"2021-07-09T12:07:08Z","references":[{"type":"ADVISORY","url":"https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/XDARRLWABODNP6ABT3DQ34TPYSH3ROH5/"},{"type":"REPORT","url":"https://bugzilla.suse.com/1180399"},{"type":"REPORT","url":"https://bugzilla.suse.com/1187706"},{"type":"REPORT","url":"https://bugzilla.suse.com/1187707"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2020-18670"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2020-18671"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2020-35730"}],"related":["CVE-2020-18670","CVE-2020-18671","CVE-2020-35730"],"summary":"Security update for roundcubemail","upstream":["CVE-2020-18670","CVE-2020-18671","CVE-2020-35730"]}