CVE-2020-35730: Roundcube Webmail Cross-Site Scripting (XSS) Vulnerability.

Roundcube Webmail Cross-Site Scripting (XSS) Vulnerability. Roundcube Webmail contains a cross-site scripting (XSS) vulnerability that allows an attacker to send a plain text e-mail message with Javascript in a link reference element that is mishandled by linkref_addinindex in rcube_string_replacer.php.

• CISA KEV-listed (remediation due 2023-07-13)
• EPSS 67.4% (98.6% percentile)

Browse the CVE database

Read the full analysis on IntelFusions