CVE-2025-68460
HIGHDescription
Roundcube Webmail before 1.5.12 and 1.6 before 1.6.12 is prone to a information disclosure vulnerability in the HTML style sanitizer.
Is your site exposed to CVE-2025-68460?
Run a free security scan — no signup, results in seconds.
CVSS v3.1 Score
Weakness Type (CWE)
Affected Products
| Vendor | Product |
|---|---|
| roundcube | webmail |
| roundcube | webmail |
References
Frequently Asked Questions
What is CVE-2025-68460? +
How severe is CVE-2025-68460? +
What products are affected by CVE-2025-68460? +
How do I check if I'm vulnerable to CVE-2025-68460? +
Related Vulnerabilities
go-git is an extensible git implementation library written in pure Go. Prior to 5.19.1 and 6.0.0-alpha.4, go-git's SSH transport constructs …
During an address list folding when a separating comma ends up on a folded line and that line is to …
Improper Encoding or Escaping of Output vulnerability in The Wikimedia Foundation Mediawiki Core - Feed Utils allows WebView Injection.This issue …
Improper Encoding or Escaping of Output vulnerability in The Wikimedia Foundation Mediawiki - Version Compare Extension allows Cross-Site Scripting (XSS).This …
A vulnerability exists in PX Backup whereby sensitive information may be logged under specific conditions.
A reflected cross-site scripting (XSS) vulnerability exists in ETQ Reliance CG (legacy) platform within the `SQLConverterServlet` component. This vulnerability requires …