Researchers of the cybersecurity company Sonar found three critical vulnerabilities in Roundcube webmail that allow JavaScript execution via malicious emails. Administrators should update to the patched version 1.6.8 or 1.5.8 as soon as possible.
https://alternativeto.net/news/2024/8/critical-security-flaws-in-roundcube-webmail-update-now-to-prevent-javascript-exploits/