Security News > 2024 > February > Alert: CISA Warns of Active 'Roundcube' Email Attacks - Patch Now
2024-02-13 04:51
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added a medium-severity security flaw impacting Roundcube email software to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation. The issue, tracked as CVE-2023-43770 (CVSS score: 6.1), relates to a cross-site scripting (XSS) flaw that stems from the handling of
News URL
https://thehackernews.com/2024/02/alert-cisa-warns-of-active-roundcube.html
Related news
- Week in review: Attackers use phishing emails to steal NTLM hashes, Patch Tuesday forecast (source)
- Exploit released for Fortinet RCE bug used in attacks, patch now (source)
- CISA: Here’s how you can foil DDoS attacks (source)
- Patch actively exploited Microsoft SharePoint bug, CISA orders federal agencies (CVE-2023-24955) (source)
- Exploit released for Palo Alto PAN-OS bug used in attacks, patch now (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-09-22 | CVE-2023-43770 | Cross-site Scripting vulnerability in multiple products Roundcube before 1.4.14, 1.5.x before 1.5.4, and 1.6.x before 1.6.3 allows XSS via text/plain e-mail messages with crafted links because of program/lib/Roundcube/rcube_string_replacer.php behavior. | 6.1 |