CVE-2025-68461CISA KEV: Actively Exploited

RoundCube Webmail Cross-site Scripting Vulnerability

Published Feb 20, 2026·Updated Feb 20, 2026

Description

RoundCube Webmail contains a cross-site scripting vulnerability via the animate tag in an SVG document.

PoC: CVE-2025-68461

Detection for CVE-2025-68461

PoC: CVE-2025-68461

A C++ security scanner tool to detect Cross-Site Scripting (XSS) vulnerabilities in Roundcube Webmail installations.

Get alerted for CVEs like this