Roundcube email flaw is being exploited, so patch now, US government warns

A vulnerability in the Roundcube email server platform is being actively exploited, the US government warns, urging its bodies to apply the patch and secure their instances sooner, rather than later.

In a security advisory, the Cybersecurity and Infrastructure Security Agency (CISA) said that a persistent cross-site scripting (XSS) bug is being actively exploited in the wild. The bug, tracked as CVE-2023-43770, is abused via a custom-built plain/text messages and links. 

Leave a Reply

Your email address will not be published. Required fields are marked *