The vulnerability of the program/lib/Roundcube/rcube_string_replacer.php component of the RoundCube Webmail client allows a attacker to perform cross-site scripting attacks.

The vulnerability of the program/lib/Roundcube/rcubestringreplacer.php component of the RoundCube Webmail client exists due to the lack of measures taken to protect the structure of the web page. Exploiting this vulnerability allows a malicious actor to perform XSS attacks remotely...

PT-2023-35512 · Unknown · Roundcubemail

Name of the Vulnerable Software and Affected Versions: roundcubemail versions prior to 1.6.3 Description: The issue is related to a cross-site scripting XSS vulnerability in the handling of linkrefs in plain text messages. This vulnerability can be exploited by an attacker to inject malicious cod...

Exploit for Cross-site Scripting in Roundcube Webmail

CVE-2023-43770-PoC PoC for Stored XSS CVE-2023-43770 Vulnera...

Exploit for Cross-site Scripting in Roundcube Webmail

CVE-2023-43770 POC A Proof-Of-Concept for the recently found...

Debian: Security Advisory (DLA-3577-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Roundcube Webmail < 1.4.14, 1.5.x < 1.5.4, 1.6.x < 1.6.3 XSS Vulnerability

Roundcube Webmail is prone to a cross-site scripting XSS vulnerability. SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

[SECURITY] Fedora 37 Update: roundcubemail-1.6.3-1.fc37

RoundCube Webmail is a browser-based multilingual IMAP client with an application-like user interface. It provides full functionality you expect from an e-mail client, including MIME support, address book, folder manipulation, message searching and spell checking. RoundCube Webmail is written in...

[SECURITY] Fedora 38 Update: roundcubemail-1.6.3-1.fc38

RoundCube Webmail is a browser-based multilingual IMAP client with an application-like user interface. It provides full functionality you expect from an e-mail client, including MIME support, address book, folder manipulation, message searching and spell checking. RoundCube Webmail is written in...

[SECURITY] Fedora 39 Update: roundcubemail-1.6.3-1.fc39

RoundCube Webmail is a browser-based multilingual IMAP client with an application-like user interface. It provides full functionality you expect from an e-mail client, including MIME support, address book, folder manipulation, message searching and spell checking. RoundCube Webmail is written in...

SUSE CVE-2023-43770

Roundcube before 1.4.14, 1.5.x before 1.5.4, and 1.6.x before 1.6.3 allows XSS via text/plain e-mail messages with crafted links because of program/lib/Roundcube/rcubestringreplacer.php behavior...

[SECURITY] [DLA 3577-1] roundcube security update

Debian LTS Advisory DLA-3577-1 [email protected] https://www.debian.org/lts/security/ Guilhem Moulin September 22, 2023 https://wiki.debian.org/LTS Package : roundcube Version : 1.3.17+dfsg.1-1deb10u3 CVE ID : CVE-2023-43770 Debian Bug : 1052059 Niraj Shivtarka discovered a cross-site...

CVE-2023-43770

Roundcube before 1.4.14, 1.5.x before 1.5.4, and 1.6.x before 1.6.3 allows XSS via text/plain e-mail messages with crafted links because of program/lib/Roundcube/rcubestringreplacer.php behavior...

DEBIAN-CVE-2023-43770

Roundcube before 1.4.14, 1.5.x before 1.5.4, and 1.6.x before 1.6.3 allows XSS via text/plain e-mail messages with crafted links because of program/lib/Roundcube/rcubestringreplacer.php behavior...

CVE-2023-43770

Roundcube before 1.4.14, 1.5.x before 1.5.4, and 1.6.x before 1.6.3 allows XSS via text/plain e-mail messages with crafted links because of program/lib/Roundcube/rcubestringreplacer.php behavior...

CVE-2023-43770

Roundcube before 1.4.14, 1.5.x before 1.5.4, and 1.6.x before 1.6.3 allows XSS via text/plain e-mail messages with crafted links because of program/lib/Roundcube/rcubestringreplacer.php behavior...

Cross site scripting

Roundcube before 1.4.14, 1.5.x before 1.5.4, and 1.6.x before 1.6.3 allows XSS via text/plain e-mail messages with crafted links because of program/lib/Roundcube/rcubestringreplacer.php behavior...

UBUNTU-CVE-2023-43770

Roundcube before 1.4.14, 1.5.x before 1.5.4, and 1.6.x before 1.6.3 allows XSS via text/plain e-mail messages with crafted links because of program/lib/Roundcube/rcubestringreplacer.php behavior...

CVE-2023-43770

Roundcube before 1.4.14, 1.5.x before 1.5.4, and 1.6.x before 1.6.3 allows XSS via text/plain e-mail messages with crafted links because of program/lib/Roundcube/rcubestringreplacer.php behavior...

Roundcube Webmail Cross-Site Scripting Vulnerability

Roundcube Webmail is an open source browser-based IMAP client that supports address book management, message searching, spell checking and more. A security vulnerability exists in Roundcube Webmail versions prior to 1.4.14, versions prior to 1.5.4, and versions prior to 1.6.3, which stems from a...

CVE-2023-43770

Roundcube before 1.4.14, 1.5.x before 1.5.4, and 1.6.x before 1.6.3 allows XSS via text/plain e-mail messages with crafted links because of program/lib/Roundcube/rcubestringreplacer.php behavior. Recent assessments: Assessed Attacker Value: 0 Assessed Attacker Value: 0Assessed Attacker Value: 0...