CVE-2024-37383 - RoundCube Webmail Cross-Site Scripting (XSS) Vulnerability

CVE-2024-37383: Roundcube | Webmail

Date Added:
2024-10-24

Due Date:
2024-11-14

Vulnerability Name: RoundCube Webmail Cross-Site Scripting (XSS) Vulnerability

Description: RoundCube Webmail contains a cross-site scripting (XSS) vulnerability in the handling of SVG animate attributes that allows a remote attacker to run malicious JavaScript code.

Known To Be Used in Ransomware Campaigns?: Unknown

Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Additional Notes: https://github.com/roundcube/roundcubemail/releases/tag/1.5.7, https://github.com/roundcube/roundcubemail/releases/tag/1.6.7 ; https://nvd.nist.gov/vuln/detail/CVE-2024-37383

Free security scan for your website

Don't show website scan report rating on the leaderboard