CVE ID
CVE-2023-5631
Vulnerability Name
Roundcube Webmail Persistent Cross-Site Scripting (XSS) Vulnerability
- Project: Roundcube
- Product: Webmail
Date
- Date Added: 2023-10-26
- Due Date: 2023-11-16
Description
Roundcube Webmail contains a persistent cross-site scripting (XSS) vulnerability that allows a remote attacker to run malicious JavaScript code.
Known To Be Used in Ransomware Campaigns?
Unknown
Action
Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Additional Notes
https://roundcube.net/news/2023/10/16/security-update-1.6.4-released, https://roundcube.net/news/2023/10/16/security-updates-1.5.5-and-1.4.15 ; https://nvd.nist.gov/vuln/detail/CVE-2023-5631
Related Security News
- CISA: Recently patched RoundCube flaws now exploited in attacks
- Hackers exploit Roundcube webmail flaw to steal email, credentials
- Roundcube flaws allow easy email account compromise (CVE-2024-42009, CVE-2024-42008)
Top comments (0)