CVE-2023-43770

CVSS 3.1 Score 6.1 of 10 (medium)

Details

Published Sep 22, 2023

Updated: Dec 20, 2024

CWE ID 79

Summary

CVE-2023-43770 is a vulnerability affecting Roundcube email client versions before 1.4.14, 1.5.x before 1.5.4, and 1.6.x before 1.6.3. Maliciously crafted text/plain e-mail messages with links can exploit this issue through the program/lib/Roundcube/rcube_string_replacer.php file. The flaw allows attackers to inject and execute malicious code in users' browsers, potentially leading to session hijacking or data theft. Users are advised to update their Roundcube installations as soon as possible to mitigate this cross-site scripting (XSS) risk.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

RoundCube Webmail
Debian

Affected Vendors

Debian
Roundcube

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/swdcDp
https://www.cve.org/CVERecord?id=CVE-2023-43770
https://nvd.nist.gov/vuln/detail/CVE-2023-43770

Back to Vulnerability Database