10 matches found
CVE-2023-43770
Roundcube before 1.4.14, 1.5.x before 1.5.4, and 1.6.x before 1.6.3 allows XSS via text/plain e-mail messages with crafted links because of program/lib/Roundcube/rcubestringreplacer.php behavior...
USN-6654-1 roundcube vulnerability
It was discovered that Roundcube Webmail incorrectly sanitized characters in the linkrefs text messages. An attacker could possibly use this issue to execute a cross-site scripting XSS attack. CVE-2023-43770...
Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 23.10 : Roundcube Webmail vulnerability (USN-6654-1)
The remote Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 23.10 host has packages installed that are affected by a vulnerability as referenced in the USN-6654-1 advisory. It was discovered that Roundcube Webmail incorrectly sanitized characters in the linkrefs text messages. An attacker...
Alert: CISA Warns of Active 'Roundcube' Email Attacks - Patch Now
The U.S. Cybersecurity and Infrastructure Security Agency CISA on Monday added a medium-severity security flaw impacting Roundcube email software to its Known Exploited Vulnerabilities KEV catalog, based on evidence of active exploitation. The issue, tracked as CVE-2023-43770 CVSS score: 6.1,...
CISA Adds One Known Exploited Vulnerability to Catalog
CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2023-43770link is external Roundcube Webmail Persistent Cross-Site Scripting XSS Vulnerability These types of vulnerabilities are frequent attack vectors for maliciou...
Exploit for Cross-site Scripting in Roundcube Webmail
CVE-2023-43770-PoC PoC for Stored XSS CVE-2023-43770 Vulnera...
CVE-2023-43770
creationtimestamp| type| source ---|---|--- 2023-09-28 11:42:17+00:00| published-proof-of-concept| https://t.me/CNArsenal/1202 2023-09-28 13:52:57+00:00| published-proof-of-concept| https://t.me/GithubRedTeam/5238 2023-09-28 15:18:12+00:00| published-proof-of-concept| https://t.me/proxybar/1739...
Exploit for Cross-site Scripting in Roundcube Webmail
CVE-2023-43770 POC A Proof-Of-Concept for the recently found...
CVE-2023-43770
Roundcube Webmail vulnerability CVE-2023-43770 is a cross-site scripting (XSS) issue in Roundcube prior to 1.4.14, 1.5.x prior to 1.5.4, and 1.6.x prior to 1.6.3. The root cause is behavior in program/lib/Roundcube/rcube_string_replacer.php that allows XSS via crafted links in text/plain emails, ...
Debian dla-3577 : roundcube - security update
The remote Debian 10 host has packages installed that are affected by a vulnerability as referenced in the dla-3577 advisory. ------------------------------------------------------------------------- Debian LTS Advisory DLA-3577-1 [email protected] https://www.debian.org/lts/security/...