Cross-site scripting (XSS) via HTML messages with malicious svg or math content. Reference: https://bugs.mageia.org/show_bug.cgi?id=27079
Created roundcubemail tracking bugs for this issue: Affects: fedora-all [bug 1868345]
Fixed in https://bodhi.fedoraproject.org/updates/FEDORA-2020-d0f8f20cfc