⚠ Actively exploited

Added to CISA KEV on 2024-02-12. Federal agencies required to patch by 2024-03-04. Required action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable..

CVE-2023-43770 — Cross-site Scripting in Webmail

CWE-79 — Cross-site Scripting13 documents10 sources

Severity

6.1MEDIUMNVD

EPSS

80.4%

top 0.87%

CISA KEV

KEV

Added 2024-02-12

Due 2024-03-04

Exploit

Exploited in wild

Active exploitation observed

Affected products

Roundcube Webmail Debian Linux

Timeline

PublishedSep 22

KEV addedFeb 12

KEV dueMar 4

Latest updateMay 15

CISA Required Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Description

Roundcube before 1.4.14, 1.5.x before 1.5.4, and 1.6.x before 1.6.3 allows XSS via text/plain e-mail messages with crafted links because of program/lib/Roundcube/rcube_string_replacer.php behavior.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.7

Affected Packages1 packages

▶NVDroundcube/webmail1.5.0 — 1.5.4+2

Also affects: Debian Linux 10.0

Patches

Patch: github.com ↗Patch: github.com ↗

🔴Vulnerability Details

OSV

roundcube vulnerability↗2024-02-26

▶

OSV

CVE-2023-43770: Roundcube before 1↗2023-09-22

▶

GHSA

GHSA-g3fv-4f2h-xwv4: Roundcube before 1↗2023-09-22

▶

CVEList

CVE-2023-43770: Roundcube before 1↗2023-09-22

▶

VulnCheck

Roundcube Webmail Persistent Cross-Site Scripting (XSS) Vulnerability↗2023

▶

🔍Detection Rules

Suricata

ET EXPLOIT RoundCube Webmail Persistent XSS Attempt (CVE-2023-43770)↗2024-03-28

▶

📋Vendor Advisories

Ubuntu

Roundcube Webmail vulnerability↗2024-02-26

▶

CISA

Roundcube Webmail Persistent Cross-Site Scripting (XSS) Vulnerability↗2024-02-12

▶

Debian

CVE-2023-43770: roundcube - Roundcube before 1.4.14, 1.5.x before 1.5.4, and 1.6.x before 1.6.3 allows XSS v...↗2023

▶

🕵️Threat Intelligence

Bleepingcomputer

Government webmail hacked via XSS bugs in global spy campaign↗2025-05-15

▶

Bleepingcomputer

Hackers exploit Roundcube webmail flaw to steal email, credentials↗2024-10-21

▶

Bleepingcomputer

CISA: Roundcube email server bug now exploited in attacks↗2024-02-12

▶