Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2024-42009

KEV EPSS 91.41% · P100
Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2024-42009

Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Description
A Cross-Site Scripting vulnerability in Roundcube through 1.5.7 and 1.6.x through 1.6.7 allows a remote attacker to steal and send emails of a victim via a crafted e-mail message that abuses a Desanitization issue in message_body() in program/actions/mail/show.php.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Title
Roundcube Webmail 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Roundcube Webmail是一款基于浏览器的开源IMAP客户端,它支持地址薄管理、信息搜索、拼写检查等。 Roundcube Webmail 1.5.7及之前版本和1.6.8之前的1.6.x版本存在安全漏洞,该漏洞源于存在跨站脚本漏洞,远程攻击者可以通过精心设计的电子邮件消息窃取并发送受害者的电子邮件。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)

Shenlong Deep Dive — AI Deep Analysis

10-question deep dive: root cause, exploitation, mitigation, urgency. Read summary free, full version requires login.

Read summary Full analysis (login)

Affected Products

VendorProductAffected VersionsCPESubscribe
-n/a n/a -

II. Public POCs for CVE-2024-42009

#POC DescriptionSource LinkShenlong Link
1This script exploits a stored XSS vulnerability (CVE-2024-42009) in Roundcube Webmail version 1.6.7. It injects a malicious payload into the webmail system, which, when triggered, exfiltrates email content from the victim’s inbox.https://github.com/0xbassiouny1337/CVE-2024-42009POC Details
2This Proof of Concept (PoC) demonstrates an exploit for CVE-2024-42009, leveraging a cross-site scripting (XSS) vulnerability to extract emails from a target webmail application. The attack injects a malicious payload that exfiltrates email content to an attacker-controlled listener.https://github.com/Bhanunamikaze/CVE-2024-42009POC Details
3CVE-2024-42009 Proof of Concepthttps://github.com/DaniTheHack3r/CVE-2024-42009-PoCPOC Details
4Nonehttps://github.com/Shubhankargupta691/CVE-2024-42009POC Details
5A Cross-Site Scripting vulnerability in Roundcube through 1.5.7 and 1.6.x through 1.6.7 allows a remote attacker to steal and send emails of a victim via a crafted e-mail message that abuses a Desanitization issue in message_body() in program/actions/mail/show.php. https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2024/CVE-2024-42009.yamlPOC Details
AI-Generated POCPremium

No public POC found.

Login to generate AI POC

III. Intelligence Information for CVE-2024-42009

登录查看更多情报信息。

Same Patch Batch · n/a · 2024-08-05 · 12 CVEs total

CVE-2024-74662.4 LOWPMWeb Web Application Firewall cross site scripting
CVE-2024-41380Microweber 安全漏洞
CVE-2024-41200KMPlayer 安全漏洞
CVE-2024-41376DzzOffice 安全漏洞
CVE-2024-41381microweber 安全漏洞
CVE-2024-40096Who - Caller ID, Spam Block 安全漏洞
CVE-2024-40531UAB Pantera CRM 安全漏洞
CVE-2024-40530UAB Pantera CRM 安全漏洞
CVE-2024-40498PuneethReddyHc Online Shopping System Advanced 安全漏洞
CVE-2024-42010Roundcube Webmail 安全漏洞
CVE-2024-42008Roundcube Webmail 安全漏洞

IV. Related Vulnerabilities

Same product: n/a
Same vendor: n/a

V. Comments for CVE-2024-42009

No comments yet

Leave a comment