CVE-2020-13965
Known Exploited Vulnerability Entry External Catalog
Entry Details
Confirmed
Yes
2024-06-26 00:00 UTC
Timestamps
2024-06-26
2024-06-26
Scope
KEV entry: Roundcube Webmail Cross-Site Scripting (XSS) Vulnerability | Affected: Roundcube / Webmail | Description: Roundcube Webmail contains a cross-site scripting (XSS) vulnerability that allows a remote attacker to manipulate data via a malicious XML attachment. | Required action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable. | Due date: 2024-07-17 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://roundcube.net/news/2020/06/02/security-updates-1.4.5-and-1.3.12; https://nvd.nist.gov/vuln/detail/CVE-2020-13965
References
- {'id': 'CVE-2020-13965', 'url': 'https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2020-13965'}
04c4b525-fd39-46c4-909b-3b73866d54ea
405284c2-e461-4670-8979-7fd2c9755a60
2026-02-02 13:24 UTC
2026-02-06 07:53 UTC
Evidence (1)
| Type | Source | Signal | Confidence | Details | GCVE Metadata |
|---|---|---|---|---|---|
| vendor_report | cisa-kev | successful_exploitation | 0.80 |
View details |
- |