Roundcube XSS flaw exploited to steal credentials, email (CVE-2024-37383)
2024-10-22 09:21

Attackers have exploited an XSS vulnerability (CVE-2024-37383) in the Roundcube Webmail client to target a governmental organization of a CIS country, Positive Technologies (PT) analysts have discovered. The vulnerability was patched in May 2024, in Roundcube Webmail versions 1.5.7 and 1.6.7. The email carrying the exploit was sent in June 2024.

About CVE-2024-37383

Roundcube is an open-source, browser-based IMAP client with a user interface that makes it look like a standalone application. CVE-2024-37383 is a …

The post Roundcube XSS flaw exploited to steal credentials, email (CVE-2024-37383) appeared first on Help Net Security.


News URL

https://www.helpnetsecurity.com/2024/10/22/cve-2024-37383-exploited/

Related Vulnerability

DATE | CVE | VULNERABILITY TITLE | RISK
2024-06-07 | CVE-2024-37383 | Cross-site Scripting vulnerability in multiple products | 6.1

Roundcube Webmail before 1.5.7 and 1.6.x before 1.6.7 allows XSS via SVG animate attributes.
network, low complexity; roundcube, debian; CWE-79

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Roundcube 3 7 50 6 5 68