CVE-2020-35730CISA KEVEPSS p98.1%

CVE-2020-35730Roundcube Webmail Cross-Site Scripting (XSS) Vulnerability

Roundcube / Roundcube Webmail

Description

Roundcube Webmail contains a cross-site scripting (XSS) vulnerability that allows an attacker to send a plain text e-mail message with Javascript in a link reference element that is mishandled by linkref_addinindex in rcube_string_replacer.php.

Scoring

EPSS32.37% probability of exploitation · percentile 98.1% · 2026-06-18T12:00:27Z

CISA KEV entry

Added to KEV: 2023-06-22

(incoming)1

TypeTargetConfidenceTier
KEVEntryRoundcube Webmail Cross-Site Scripting (XSS) Vulnerabilitykev-cve-2020-357300%live

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

CVE
Roundcube Webmail Persistent Cross-Site Scripting (XSS) Vulnerability
CVE
RoundCube Webmail Cross-Site Scripting Vulnerability
CVE
Roundcube Webmail Remote Code Execution Vulnerability
CVE
Roundcube Webmail SQL Injection Vulnerability
CVE
Roundcube Webmail File Disclosure Vulnerability
CVE
RoundCube Webmail Deserialization of Untrusted Data Vulnerability
Sourced from NVD + CISA KEV + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.