CVE-2023-43770
Vexday Risk Score
75 (High priority)
SSVC decision (CISA)
Act
Exploitation + impact → act immediately
CVSS: 6.1
EPSS: 56.9%
KEV: yes
PoC: public
Nuclei: —
Metasploit: —
Patch: —
Lifecycle
22 Sep 2023: Published on NVD
27 Sep 2023: Public PoC
12 Feb 2024: Active exploitation (CISA KEV)
Recommendation: Patch as soon as possible — active exploitation confirmed.
In short
Roundcube webmail allows attackers to inject malicious scripts through specially crafted links in plain text emails, which can execute in users' browsers and potentially steal credentials or perform unauthorized actions.
Technical detail
A cross-site scripting (XSS) vulnerability in program/lib/Roundcube/rcube_string_replacer.php affects Roundcube versions before 1.4.14, 1.5.x before 1.5.4, and 1.6.x before 1.6.3. An attacker can craft links in a text/plain e-mail message that bypass the link sanitization in that file, so attacker-controlled script runs in the victim's browser context when the message is viewed.
Summary generated and translated by AI from the official description.
Roundcube before 1.4.14, 1.5.x before 1.5.4, and 1.6.x before 1.6.3 allows XSS via text/plain e-mail messages with crafted links because of program/lib/Roundcube/rcube_string_replacer.php behavior.
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Affected products
n/a · n/a
Public PoCs found: 3
github: github.com/s3cb0y/CVE-2023-43770-POC (★ 34)
github: github.com/knight0x07/CVE-2023-43770-PoC (★ 3)
github: github.com/skyllpro/CVE-2021-44026-PoC (★ 0)
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.
References
https://github.com/roundcube/roundcubemail/commit/e92ec206a886461245e1672d8530cc93c618a49b
https://lists.debian.org/debian-lts-announce/2023/09/msg00024.html
https://roundcube.net/news/2023/09/15/security-update-1.6.3-released
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-43770