{"id":"CVE-2021-46144","details":"Roundcube before 1.4.13 and 1.5.x before 1.5.2 allows XSS via an HTML e-mail message with crafted Cascading Style Sheets (CSS) token sequences.","modified":"2026-04-10T04:41:51.106809Z","published":"2022-01-06T05:15:09.420Z","references":[{"type":"ADVISORY","url":"https://www.debian.org/security/2022/dsa-5037"},{"type":"ADVISORY","url":"https://bugs.debian.org/1003027"},{"type":"ADVISORY","url":"https://lists.debian.org/debian-lts-announce/2022/01/msg00005.html"},{"type":"ADVISORY","url":"https://roundcube.net/news/2021/12/30/security-update-1.4.13-released"},{"type":"ADVISORY","url":"https://roundcube.net/news/2021/12/30/update-1.5.2-released"},{"type":"FIX","url":"https://github.com/roundcube/roundcubemail/commit/8894fddd59b770399eed4ef8d4da5773913b5bf0"},{"type":"FIX","url":"https://github.com/roundcube/roundcubemail/commit/b2400a4b592e3094b6c84e6000d512f99ae0eed8"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/roundcube/roundcubemail","events":[{"introduced":"0"},{"fixed":"784eb80e67a3f47290e42cef12da8696cba60272"},{"introduced":"f1d376ba278aa4d9c739a0f3b3961df26cda3c07"},{"fixed":"5016788716b1c29967ee6baa8a326de7da1999f7"},{"fixed":"8894fddd59b770399eed4ef8d4da5773913b5bf0"},{"fixed":"b2400a4b592e3094b6c84e6000d512f99ae0eed8"}],"database_specific":{"versions":[{"introduced":"0"},{"fixed":"1.4.13"},{"introduced":"1.5.0"},{"fixed":"1.5.2"}]}}],"versions":["1.1-beta","1.1-rc","1.1.0","1.2-beta","1.2-rc","1.3-beta","1.4-beta","1.4-rc1","1.4-rc2","1.4.0","1.4.1","1.4.10","1.4.11","1.4.12","1.4.2","1.4.3","1.4.4","1.4.5","1.4.6","1.4.7","1.4.8","1.4.9","1.5.0","1.5.1","v0.1-beta2"],"database_specific":{"unresolved_ranges":[{"events":[{"introduced":"0"},{"last_affected":"9.0"}]},{"events":[{"introduced":"0"},{"last_affected":"10.0"}]},{"events":[{"introduced":"0"},{"last_affected":"11.0"}]}],"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-46144.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}]}