{"id":"USN-8482-1","summary":"roundcube vulnerability","details":"It was discovered that Roundcube Webmail was prone to a Cross-Site-Scripting\n(XSS) vulnerability via the animate tag in an SVG document. An attacker\ncould use this issue to execute arbitrary web script in the context of an \naffected user's session.","modified":"2026-06-30T14:14:25.943574097Z","published":"2026-06-30T08:41:53Z","related":["UBUNTU-CVE-2025-68461"],"upstream":["CVE-2025-68461","UBUNTU-CVE-2025-68461"],"references":[{"type":"ADVISORY","url":"https://ubuntu.com/security/notices/USN-8482-1"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2025-68461"}],"affected":[{"package":{"name":"roundcube","ecosystem":"Ubuntu:Pro:26.04:LTS","purl":"pkg:deb/ubuntu/roundcube?arch=source&distro=esm-apps%2Fresolute"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.6.11+dfsg-1ubuntu0.26.04.1~esm1"}]}],"versions":["1.6.11+dfsg-1"],"ecosystem_specific":{"availability":"Available with Ubuntu Pro: https://ubuntu.com/pro","binaries":[{"binary_version":"1.6.11+dfsg-1ubuntu0.26.04.1~esm1","binary_name":"roundcube"},{"binary_version":"1.6.11+dfsg-1ubuntu0.26.04.1~esm1","binary_name":"roundcube-core"},{"binary_version":"1.6.11+dfsg-1ubuntu0.26.04.1~esm1","binary_name":"roundcube-mysql"},{"binary_version":"1.6.11+dfsg-1ubuntu0.26.04.1~esm1","binary_name":"roundcube-pgsql"},{"binary_version":"1.6.11+dfsg-1ubuntu0.26.04.1~esm1","binary_name":"roundcube-plugins"},{"binary_version":"1.6.11+dfsg-1ubuntu0.26.04.1~esm1","binary_name":"roundcube-sqlite3"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-8482-1.json","cves_map":{"cves":[{"id":"CVE-2025-68461","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N"},{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"type":"Ubuntu","score":"high"}]}],"ecosystem":"Ubuntu:Pro:26.04:LTS"}}}],"schema_version":"1.7.5"}