CVE-2024-42008, CVE-2024-42009, CVE-2024-42010 vulnerabilities in Roundcube

senthil · Apr 30, 2025, 08:51 AM

Impact
CVE-2024-42008, CVE-2024-42009, CVE-2024-42010 vulnerabilities were discovered in Roundcube.

Situation
Roundcube before 1.5.8/1.6.8 versions has these vulnerabilities:

XSS vulnerability in serving of attachments other than HTML or SVG [CVE-2024-42008]
XSS vulnerability in post-processing of sanitized HTML content [CVE-2024-42009]
Information leak (access to remote content) via insufficient CSS filtering [CVE-2024-42010]

Call to action
The vulnerabilities are fixed in Plesk Obsidian 18.0.63 #1.
Update Plesk to the latest version.

Cobra Forum

News:

CVE-2024-42008, CVE-2024-42009, CVE-2024-42010 vulnerabilities in Roundcube

senthil