What is CVE-2020-35730?

A medium severity cross-site scripting (XSS) vulnerability exists in Roundcube Webmail. Organizations must apply updates immediately to mitigate potential exploitation risks.

What is the severity of CVE-2020-35730?

CVE-2020-35730 has a severity rating of MEDIUM with a CVSS base score of 6.1.

Is CVE-2020-35730 in CISA KEV?

Yes. CVE-2020-35730 is listed in the CISA Known Exploited Vulnerabilities (KEV) catalog. Organizations should prioritize remediation.

CVE-2020-35730 | Medium Vulnerability in Roundcube Webmail

CVE-2020-35730 is a cross-site scripting (XSS) vulnerability impacting Roundcube Webmail versions prior to 1.2.13, 1.3.x before 1.3.16, and 1.4.x before 1.4.10. This vulnerability allows attackers to send a plain text email with JavaScript embedded in a link reference element, which is mishandled by the linkref_addindex function in rcube_string_replacer.php. The vulnerability has a CVSS score of 6.1, categorizing it as medium severity, indicating a significant risk to organizations using affected versions.

Risk to organizations includes unauthorized execution of scripts leading to potential data theft or session hijacking. Given the medium severity of this vulnerability, it is crucial for organizations to prioritize patching to mitigate exploitation risks. The vulnerability is actively exploited, and immediate action is recommended.

Organizations should prioritize patching immediately. The required updates are available, and failure to apply them could expose users to significant security risks.

This vulnerability has been added to the Known Exploited Vulnerabilities (KEV) catalog, indicating recognized exploitation in the wild. Organizations using vulnerable versions should act swiftly to apply the necessary patches.

Vulnerability Details

The XSS vulnerability in Roundcube Webmail allows attackers to execute arbitrary JavaScript in the context of a victim's session. This can lead to unauthorized actions being performed on behalf of the user, potentially compromising sensitive information. The vulnerability affects various versions of Roundcube Webmail, specifically versions before 1.2.13, 1.3.x before 1.3.16, and 1.4.x before 1.4.10.

The CVSS score of 6.1 indicates that this is a medium severity vulnerability. The primary attack vector is network-based, requiring low complexity to exploit. Attackers do not need any privileges to execute the attack, but user interaction is required, as the exploit involves clicking on a malicious link.

The scope of this vulnerability is changed, meaning that it can affect additional components beyond the initial vulnerable component. The confidentiality and integrity impacts are rated as low, while availability impact is none.

Technical Analysis

The root cause of this vulnerability lies in the mishandling of link references within the Roundcube Webmail application. The linkref_addindex function does not properly sanitize user input, allowing JavaScript code to be injected into the email content. This issue stems from inadequate validation and encoding of user input.

The attack vector for this vulnerability is network-based, meaning an attacker can exploit it remotely. The complexity of the attack is low, as it requires the user to click on a crafted email link. No privileges are required, making it easier for attackers to exploit vulnerable systems.

User interaction is necessary for the attack to succeed, as the user must open the email and click on the malicious link. The confidentiality impact is low, as it may allow unauthorized access to user data, while the integrity impact is also low, as it does not directly alter data. There is no impact on availability.

Risk & Impact Analysis

The risk to organizations includes potential unauthorized access to user accounts and sensitive information. Exploitation of this vulnerability could lead to session hijacking, data theft, or the execution of malicious actions on behalf of the victim. The blast radius for this vulnerability can be significant, especially in environments where Roundcube Webmail is widely used.

Given the current CVSS score, it is vital for organizations to address this vulnerability in their patch management cycle. The KEV listing further emphasizes the urgency of remediation, as it indicates active exploitation in the wild.

Organizations should consider implementing additional network controls and monitoring to detect potential exploit attempts while patches are being deployed.

Exploitation Status

Signal	Status
Known Exploit	Yes
Public PoC	Yes
Actively Exploited	Yes
Ransomware Use	No

Affected Versions

Affected versions include Roundcube Webmail versions before 1.2.13, 1.3.x before 1.3.16, and 1.4.x before 1.4.10. Organizations should consult vendor resources to confirm their specific version status.

Mitigation & Remediation

Organizations should apply available patches for Roundcube Webmail to mitigate this vulnerability. The updates are provided in the following versions: 1.2.13, 1.3.16, and 1.4.10. If patches cannot be immediately applied, organizations should implement workarounds such as sanitizing user inputs on email links and limiting the ability to execute scripts.

For continuous security, organizations may consider conducting regular security assessments, including continuous penetration testing to identify and remediate vulnerabilities proactively.

Detection Guidance

Organizations should monitor logs for any signs of anomalous behavior, particularly those involving email link interactions. Behavioral anomalies, such as unexpected email opens or JavaScript execution attempts, should be flagged for further investigation.

Additionally, network signatures that detect known malicious payloads associated with XSS attacks can aid in early detection of exploitation attempts.

AppSecure Threat Intelligence Insight

CVE-2020-35730 highlights the ongoing risks associated with webmail applications and the importance of rigorous validation routines. Security teams should recognize the patterns of XSS vulnerabilities in web applications and the critical nature of user input sanitization.

The vulnerability underscores the necessity for comprehensive testing and validation of email handling functionalities. Organizations should regularly review their penetration testing methodology to ensure that all potential attack vectors are assessed.

Furthermore, security awareness training for users regarding the risks associated with phishing and malicious links is essential in mitigating the impact of such vulnerabilities. Organizations should also consider establishing a vulnerability management program to systematically address emerging threats.

In conclusion, CVE-2020-35730 serves as a reminder of the importance of maintaining updated software and implementing robust security practices to protect against web-based threats.

Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.

CVE ID	Title	Severity	Vulnerability Type	Published
CVE-2025-65418	CVE-2025-65418: High Vulnerability in docuFORM Managed Print Service Client	HIGH	Path Traversal	May 11, 2026
CVE-2025-65417	CVE-2025-65417: Medium Vulnerability in docuFORM Managed Print Service Client	MEDIUM	XSS	May 11, 2026
CVE-2025-65416	CVE-2025-65416: Medium Vulnerability in docuFORM Managed Print Service Client	MEDIUM	Unrestricted File Upload	May 11, 2026
CVE-2025-65415	CVE-2025-65415: Medium Vulnerability in docuFORM Managed Print Service Client	MEDIUM	Session Fixation	May 11, 2026
CVE-2025-61314	CVE-2025-61314: High Vulnerability in GmbH Mecury Managed Print Services	HIGH	XSS	May 11, 2026

CVE-2020-35730: Medium Vulnerability in Roundcube Webmail