Security News > 2024 > February > Alert: CISA Warns of Active 'Roundcube' Email Attacks - Patch Now
2024-02-13 04:51
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added a medium-severity security flaw impacting Roundcube email software to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation. The issue, tracked as CVE-2023-43770 (CVSS score: 6.1), relates to a cross-site scripting (XSS) flaw that stems from the handling of
News URL
https://thehackernews.com/2024/02/alert-cisa-warns-of-active-roundcube.html
Related news
- Security measures fail to keep up with rising email attacks (source)
- CISA warns of Windows flaw used in infostealer malware attacks (source)
- SolarWinds Issues Patch for Critical ARM Vulnerability Enabling RCE Attacks (source)
- Ivanti vTM auth bypass flaw exploited in attacks, CISA warns (CVE-2024-7593) (source)
- Ivanti Endpoint Manager Flaw Actively Targeted, CISA Warns Agencies to Patch (source)
- Microsoft Detects Growing Use of File Hosting Services in Business Email Compromise Attacks (source)
- CISA says critical Fortinet RCE flaw now exploited in attacks (source)
- CISA Adds ScienceLogic SL1 Vulnerability to Exploited Catalog After Active Zero-Day Attack (source)
- Emergency patch: Cisco fixes bug under exploit in brute-force attacks (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-09-22 | CVE-2023-43770 | Cross-site Scripting vulnerability in multiple products Roundcube before 1.4.14, 1.5.x before 1.5.4, and 1.6.x before 1.6.3 allows XSS via text/plain e-mail messages with crafted links because of program/lib/Roundcube/rcube_string_replacer.php behavior. | 6.1 |