Roundcube Webmail before 1.3.15 and 1.4.8 allows stored XSS in HTML messages during message display via a crafted SVG document. This issue has been fixed in 1.4.8 and 1.3.15.
CVE: (none) => CVE-2020-16145
Already reported and FIXED! *** This bug has been marked as a duplicate of bug 27079 ***
Status: NEW => RESOLVEDResolution: (none) => DUPLICATE