VIR Vulnerability Intelligence Relay

CVE-2021-46144

unknown
Published — · Modified —
CVSS v3
CVSS v2
VIR risk

Description

Roundcube before 1.4.13 and 1.5.x before 1.5.2 allows XSS via an HTML e-mail message with crafted Cascading Style Sheets (CSS) token sequences.

Predictions

Exploit likelihood
20%
Patch ETA

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

vendor Authored 2026-05-27

Vendor advisory: debian — https://security-tracker.debian.org/tracker/CVE-2021-46144

OS impact
OSVersionStatusFixed in
debian debianbookwormfixed1.6.0+dfsg-1
debian debianbullseyefixed1.4.13+dfsg.1-1~deb11u1
debian debiansidfixed1.6.0+dfsg-1
debian debiantrixiefixed1.6.0+dfsg-1

References

Verify integrity in audit chain (admin only). AS-IS.