10 matches found

RedhatCVE
added 2025/05/23 4:25 a.m. | 13 views

CVE-2023-43770

Roundcube before 1.4.14, 1.5.x before 1.5.4, and 1.6.x before 1.6.3 allows XSS via text/plain e-mail messages with crafted links because of program/lib/Roundcube/rcube_string_replacer.php behavior...

CVSS 6.1 | AI score 6 | EPSS 0.58483
Exploits: 2 | References: 1
OSV
added 2024/02/26 3:46 a.m. | 2 views

USN-6654-1 roundcube vulnerability

It was discovered that Roundcube Webmail incorrectly sanitized characters in the linkrefs text messages. An attacker could possibly use this issue to execute a cross-site scripting (XSS) attack. (CVE-2023-43770)...

CVSS 6.1 | AI score 6.6 | EPSS 0.58483
Exploits: 2 | References: 2
Tenable Nessus
added 2024/02/26 12:0 a.m. | 20 views

Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 23.10 : Roundcube Webmail vulnerability (USN-6654-1)

The remote Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 23.10 host has packages installed that are affected by a vulnerability as referenced in the USN-6654-1 advisory. It was discovered that Roundcube Webmail incorrectly sanitized characters in the linkrefs text messages. An attacker...

CVSS 6.1 | AI score 7.2 | EPSS 0.58483
Exploits: 2 | References: 2
The Hacker News
added 2024/02/13 4:51 a.m. | 41 views

Alert: CISA Warns of Active 'Roundcube' Email Attacks - Patch Now

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added a medium-severity security flaw impacting Roundcube email software to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation. The issue, tracked as CVE-2023-43770 (CVSS score: 6.1),...

CVSS 6.1 | AI score 6.4 | EPSS 0.58483
Exploits: 2
CISA
added 2024/02/12 12:0 p.m. | 11 views

CISA Adds One Known Exploited Vulnerability to Catalog

CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2023-43770 Roundcube Webmail Persistent Cross-Site Scripting (XSS) Vulnerability. These types of vulnerabilities are frequent attack vectors for maliciou...

CVSS 6.1 | AI score 6.3 | EPSS 0.58483
In wild | Exploits: 2 | References: 6
GithubExploit
added 2023/09/28 1:43 p.m. | 25 views

Exploit for Cross-site Scripting in Roundcube Webmail

CVE-2023-43770-PoC PoC for Stored XSS CVE-2023-43770 Vulnera...

CVSS 6.1 | AI score 6.7 | EPSS 0.58483
Exploits: 2
Circl
added 2023/09/28 11:42 a.m. | 20 views

CVE-2023-43770

creationtimestamp | type | source
---|---|---
2023-09-28 11:42:17+00:00 | published-proof-of-concept | https://t.me/CNArsenal/1202
2023-09-28 13:52:57+00:00 | published-proof-of-concept | https://t.me/GithubRedTeam/5238
2023-09-28 15:18:12+00:00 | published-proof-of-concept | https://t.me/proxybar/1739...

CVSS 6.1 | AI score 6.9 | EPSS 0.58483
Exploits: 2 | References: 21
GithubExploit
added 2023/09/27 5:8 p.m. | 1120 views

Exploit for Cross-site Scripting in Roundcube Webmail

CVE-2023-43770 POC A Proof-Of-Concept for the recently found...

CVSS 6.1 | AI score 6.1 | EPSS 0.58483
Exploits: 2
CVE
added 2023/09/22 12:0 a.m. | 245 views

CVE-2023-43770

Roundcube Webmail vulnerability CVE-2023-43770 is a cross-site scripting (XSS) issue in Roundcube prior to 1.4.14, 1.5.x prior to 1.5.4, and 1.6.x prior to 1.6.3. The root cause is behavior in program/lib/Roundcube/rcube_string_replacer.php that allows XSS via crafted links in text/plain emails, ...

CVSS 6.1 | AI score 5.8 | EPSS 0.58483
In wild | Exploits: 2 | References: 4 | Affected Software: 1
Tenable Nessus
added 2023/09/22 12:0 a.m. | 22 views

Debian dla-3577 : roundcube - security update

The remote Debian 10 host has packages installed that are affected by a vulnerability as referenced in the dla-3577 advisory. Debian LTS Advisory DLA-3577-1 [email protected] https://www.debian.org/lts/security/...

CVSS 6.1 | AI score 6.9 | EPSS 0.58483
Exploits: 2 | References: 4