Security News > 2024 > February > Alert: CISA Warns of Active 'Roundcube' Email Attacks - Patch Now
![Alert: CISA Warns of Active 'Roundcube' Email Attacks - Patch Now](/static/build/img/news/alert-cisa-warns-of-active-roundcube-email-attacks-patch-now-medium.jpg)
2024-02-13 04:51
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added a medium-severity security flaw impacting Roundcube email software to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation. The issue, tracked as CVE-2023-43770 (CVSS score: 6.1), relates to a cross-site scripting (XSS) flaw that stems from the handling of
News URL
https://thehackernews.com/2024/02/alert-cisa-warns-of-active-roundcube.html
Related news
- CISA warns of Windows bug exploited in ransomware attacks (source)
- SolarWinds Serv-U Vulnerability Under Active Attack - Patch Immediately (source)
- Business Email Compromise Attacks Are Evolving: How Organizations Can Stay Ahead of the Curve (source)
- Critical Windows licensing bugs, plus two others under attack, top Patch Tuesday (source)
- CISA warns critical Geoserver GeoTools RCE flaw is exploited in attacks (source)
- Critical Apache HugeGraph Vulnerability Under Attack - Patch ASAP (source)
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-09-22 | CVE-2023-43770 | Cross-site Scripting vulnerability in multiple products Roundcube before 1.4.14, 1.5.x before 1.5.4, and 1.6.x before 1.6.3 allows XSS via text/plain e-mail messages with crafted links because of program/lib/Roundcube/rcube_string_replacer.php behavior. | 6.1 |