Ecosystem	Package	Version

Find vulnerabilities. Fix fast with AI.

Search components by package, version, or CVE to get started.

Vulnerabilities

CVE-2020-13965

EXPLOITED

An issue was discovered in Roundcube Webmail before 1.3.12 and 1.4.x before 1.4.5. There is XSS via a malicious XML attachment because text/xml is among the allowed types for a preview.

Published Oct 22, 2025

https://github.com/DrunkenShells/Disclosures/tree/master/CVE-2020-13965-Cross%20Site-Scripting%20via%20Malicious%20XML%20Attachment-Roundcube

CVSS ScoreMedium

6.1

Ecosystem	Package	Version

Ecosystem	Package	Version