Situation
CVE-2021-46144 vulnerability was discovered in Roundcube.
Impact
Roundcube before 1.4.13 and 1.5.x before 1.5.2 allows XSS via an HTML e-mail message with crafted Cascading Style Sheets (CSS) token sequences.
Call to action
The vulnerability was fixed and shipped in Plesk Obsidian 18.0.41. Consider updating the Plesk server as per the following article.