CVE-2023-43770 - Roundcube Webmail Persistent Cross-Site Scripting (XSS) Vulnerability

CVE-2023-43770: Roundcube | Webmail

Date Added:
2024-02-12

Due Date:
2024-03-04

Vulnerability Name: Roundcube Webmail Persistent Cross-Site Scripting (XSS) Vulnerability

Description: Roundcube Webmail contains a persistent cross-site scripting (XSS) vulnerability that can lead to information disclosure via malicious link references in plain/text messages.

Known To Be Used in Ransomware Campaigns?: Unknown

Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Additional Notes: https://roundcube.net/news/2023/09/15/security-update-1.6.3-released ; https://nvd.nist.gov/vuln/detail/CVE-2023-43770

Related News Articles

Hackers exploit Roundcube webmail flaw to steal email, credentialsOctober 22, 2024

Roundcube flaws allow easy email account compromise (CVE-2024-42009, CVE-2024-42008)August 7, 2024

Free security scan for your website

Don't show website scan report rating on the leaderboard