CVE-2023-43770 - Roundcube Webmail Persistent Cross-Site Scripting (XSS) Vulnerability

Vulnerability Name

Roundcube Webmail Persistent Cross-Site Scripting (XSS) Vulnerability

Description

Roundcube Webmail contains a persistent cross-site scripting (XSS) vulnerability that can lead to information disclosure via malicious link references in plain/text messages.

Known To Be Used in Ransomware Campaigns?

Unknown

Action

Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Additional Notes

https://roundcube.net/news/2023/09/15/security-update-1.6.3-released

https://nvd.nist.gov/vuln/detail/CVE-2023-43770

Related News Articles

Hackers exploit Roundcube webmail flaw to steal email, credentialsOctober 22, 2024

Roundcube flaws allow easy email account compromise (CVE-2024-42009, CVE-2024-42008)August 7, 2024