Lucene search
Debian Security Bug TrackerDEBIANCVE:CVE-2023-43770HistorySep 22, 2023 - 6:15 a.m.
CVE-2023-43770
2023-09-2206:15:10
Debian Security Bug Tracker
security-tracker.debian.org
13
roundcube
email
xss
vulnerability
6.1 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
0.113 Low
EPSS
Percentile
95.3%
Roundcube before 1.4.14, 1.5.x before 1.5.4, and 1.6.x before 1.6.3 allows XSS via text/plain e-mail messages with crafted links because of program/lib/Roundcube/rcube_string_replacer.php behavior.
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Debian | 12 | all | roundcube | < 1.6.3+dfsg-1~deb12u1 | roundcube_1.6.3+dfsg-1~deb12u1_all.deb |
| Debian | 11 | all | roundcube | < 1.4.14+dfsg.1-1~deb11u1 | roundcube_1.4.14+dfsg.1-1~deb11u1_all.deb |
| Debian | 10 | all | roundcube | < 1.3.17+dfsg.1-1~deb10u3 | roundcube_1.3.17+dfsg.1-1~deb10u3_all.deb |
| Debian | 999 | all | roundcube | < 1.6.3+dfsg-1 | roundcube_1.6.3+dfsg-1_all.deb |
| Debian | 13 | all | roundcube | < 1.6.3+dfsg-1 | roundcube_1.6.3+dfsg-1_all.deb |
Related
cisa_kev
cisa_kev
Roundcube Webmail Persistent Cross-Site Scripting (XSS) Vulnerability
2024-02-12 00:00:00
vulnrichment
vulnrichment
CVE-2023-43770
2023-09-22 00:00:00
thn
thn
Alert: CISA Warns of Active 'Roundcube' Email Attacks - Patch Now
2024-02-13 04:51:00
malwarebytes
malwarebytes
Patch now! Roundcube mail servers are being actively exploited
2024-02-13 14:28:27
osv
osv
roundcube vulnerability
2024-02-26 03:46:59
roundcube - security update
2023-09-22 00:00:00
CVE-2023-43770
2023-09-22 06:15:10
hivepro
hivepro
Roundcube Webmail Faces Unrelenting Exploitation
2024-02-26 12:57:08
ubuntu
ubuntu
Roundcube Webmail vulnerability
2024-02-26 00:00:00
prion
prion
Cross site scripting
2023-09-22 06:15:00
redos
redos
ROS-20240613-03
2024-06-13 00:00:00
openvas
openvas
Ubuntu: Security Advisory (USN-6654-1)
2024-02-26 00:00:00
Debian: Security Advisory (DLA-3577-1)
2023-09-25 00:00:00
Roundcube Webmail < 1.4.14, 1.5.x < 1.5.4, 1.6.x < 1.6.3 XSS Vulnerability
2023-09-25 00:00:00
veracode
veracode
Cross-site Scripting (XSS)
2023-10-08 19:30:52
nessus
nessus
debian
debian
[SECURITY] [DLA 3577-1] roundcube security update
2023-09-22 11:23:24
nvd
nvd
CVE-2023-43770
2023-09-22 06:15:10
githubexploit
githubexploit
Exploit for Cross-site Scripting in Roundcube Webmail
2023-09-27 17:08:23
cve
cve
CVE-2023-43770
2023-09-22 06:15:10
ubuntucve
ubuntucve
CVE-2023-43770
2023-09-22 00:00:00
attackerkb
attackerkb
CVE-2023-43770
2023-09-22 00:00:00
cvelist
cvelist
CVE-2023-43770
2023-09-22 00:00:00
6.1 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
0.113 Low
EPSS
Percentile
95.3%
Related for DEBIANCVE:CVE-2023-43770