CVE-2023-43770, a vulnerability in the Roundcube webmail software that has been fixed in September 2023, is being exploited by attackers in the wild, CISA has warned by adding the vulnerability to its Known Exploited Vulnerabilities (KEV) catalog. About CVE-2023-43770 Roundcube is an open-source, browser-based IMAP client with an application-like user interface. CVE-2023-43770 is a vulnerability that allows attackers to mount cross-site scripting (XSS) attacks through specially crafted links in plain text email messages. The vulnerability … More

The post Roundcube webmail XSS vulnerability exploited by attackers (CVE-2023-43770) appeared first on Help Net Security.