ImpactCVE-2024-42008, CVE-2024-42009, CVE-2024-42010 vulnerabilities were discovered in Roundcube.
SituationRoundcube before 1.5.8/1.6.8 versions has these vulnerabilities:
- XSS vulnerability in serving of attachments other than HTML or SVG [CVE-2024-42008]
- XSS vulnerability in post-processing of sanitized HTML content [CVE-2024-42009]
- Information leak (access to remote content) via insufficient CSS filtering [CVE-2024-42010]
Call to actionThe vulnerabilities are fixed in Plesk Obsidian 18.0.63 #1.
Update Plesk to the latest version.