Security News > 2024 > February > Alert: CISA Warns of Active 'Roundcube' Email Attacks - Patch Now
2024-02-13 04:51
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added a medium-severity security flaw impacting Roundcube email software to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation. The issue, tracked as CVE-2023-43770 (CVSS score: 6.1), relates to a cross-site scripting (XSS) flaw that stems from the handling of
News URL
https://thehackernews.com/2024/02/alert-cisa-warns-of-active-roundcube.html
Related news
- Microsoft Warns of Tax-Themed Email Attacks Using PDFs and QR Codes to Deliver Malware (source)
- CISA Warns of CentreStack's Hard-Coded MachineKey Vulnerability Enabling RCE Attacks (source)
- Old Fortinet flaws under attack with new method its patch didn't prevent (source)
- CISA tags SonicWall VPN flaw as actively exploited in attacks (source)
- CISA tags Broadcom Fabric OS, CommVault flaws as exploited in attacks (source)
- SonicWall urges admins to patch VPN flaw exploited in attacks (source)
- CISA mutes own website, shifts routine cyber alerts to Musk’s X, RSS, email (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-09-22 | CVE-2023-43770 | Cross-site Scripting vulnerability in multiple products Roundcube before 1.4.14, 1.5.x before 1.5.4, and 1.6.x before 1.6.3 allows XSS via text/plain e-mail messages with crafted links because of program/lib/Roundcube/rcube_string_replacer.php behavior. | 6.1 |