CVE-2023-43770

CVSS 6.1 MEDIUM · EPSS 56.9% · KEV · CWE-79
In short

Roundcube webmail allows attackers to inject malicious scripts through specially crafted links in plain text emails, which can execute in users' browsers and potentially steal credentials or perform unauthorized actions.

Technical detail

Cross-site scripting (XSS) vulnerability in rcube_string_replacer.php affecting Roundcube versions before 1.4.14, 1.5.4, and 1.6.3. Attackers can craft links in text/plain email messages that bypass the sanitization applied when plain-text links are rewritten, allowing script execution in the victim's browser context when the email is viewed.

Summary generated and translated by AI from the official description.
Roundcube before 1.4.14, 1.5.x before 1.5.4, and 1.6.x before 1.6.3 allows XSS via text/plain e-mail messages with crafted links because of program/lib/Roundcube/rcube_string_replacer.php behavior.
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Affected products
n/a · n/a