Alert: CISA Warns of Active 'Roundcube' Email Attacks - Patch Now

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added a medium-severity security flaw impacting Roundcube email software to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation.
The issue, tracked as CVE-2023-43770 (CVSS score: 6.1), relates to a cross-site scripting (XSS) flaw that stems from the handling of

agency alert attacks catalog cisa cross-site cve cvss cvss score cybersecurity email email attacks exploitation exploited exploited vulnerabilities flaw infrastructure infrastructure security issue kev known exploited known exploited vulnerabilities medium monday patch roundcube roundcube email score scripting security security flaw severity software vulnerabilities xss