Roundcube webmail XSS vulnerability exploited by attackers (CVE-2023-43770)

CVE-2023-43770, a vulnerability in the Roundcube webmail software that has been fixed in September 2023, is being exploited by attackers in the wild, CISA has warned by adding the vulnerability to its Known Exploited Vulnerabilities (KEV) catalog. About CVE-2023-43770 Roundcube is an open-source, browser-based IMAP client with an application-like user interface. CVE-2023-43770 is a vulnerability that allows attackers to mount cross-site scripting (XSS) attacks through specially crafted links in plain text email messages. The vulnerability … More →

The post …

application attackers browser catalog cisa client cve don't miss exploited exploited vulnerabilities hot stuff imap interface kev known exploited known exploited vulnerabilities roundcube roundcube webmail september software user interface vulnerabilities vulnerability vulnerability exploited webmail xss