MUST READ

U.S. CISA adds CISCO Secure Firewall ASA and Secure FTD flaws to its Known Exploited Vulnerabilities catalog

 | 

Operation HAECHI VI seized $439M from global cybercrime rings

 | 

Volvo North America disclosed a data breach following a ransomware attack on IT provider Miljödata

 | 

Cisco fixed actively exploited zero-day in Cisco IOS and IOS XE software

 | 

Nation-State hackers exploit Libraesva Email Gateway flaw

 | 

SolarWinds fixed a critical RCE flaw in its Web Help Desk software

 | 

How threat actors breached a U.S. federal civilian agency by exploiting a GeoServer flaw

 | 

Cloudflare mitigates largest-ever DDoS attack at 22.2 Tbps

 | 

U.S. CISA adds Google Chromium flaw to its Known Exploited Vulnerabilities catalog

 | 

US Secret Service dismantled covert communications network near the U.N. in New York

 | 

A suspected Scattered Spider member suspect detained for casino network attacks

 | 

$150K awarded for L1TF Reloaded exploit that bypasses cloud mitigations

 | 

Canada's RCMP closes TradeOgre, seizes $40M in country’s largest crypto bust

 | 

Stellantis probes data breach linked to third-party provider

 | 

FBI alerts public to spoofed IC3 site used in fraud schemes

 | 

EU agency ENISA says ransomware attack behind airport disruptions

 | 

Researchers expose MalTerminal, an LLM-enabled malware pioneer

 | 

Beware: GitHub repos distributing Atomic Infostealer on macOS

 | 

ESET uncovers Gamaredon–Turla collaboration in Ukraine cyberattacks

 | 

SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 63

 | 

CISA adds Roundcube Webmail Persistent XSS bug to its Known Exploited Vulnerabilities catalog

Pierluigi Paganini February 12, 2024

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Roundcube Webmail Persistent Cross-Site Scripting (XSS) Vulnerability to its Known Exploited Vulnerabilities catalog.

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added a Roundcube Webmail Persistent Cross-Site Scripting (XSS) vulnerability, tracked as CVE-2023-43770, to its Known Exploited Vulnerabilities (KEV) catalog.

Roundcube is an open-source web-based email client. It provides a user-friendly interface for accessing email accounts via a web browser. Users can send and receive emails, manage their contacts, organize messages into folders, and perform various other email-related tasks. Roundcube supports standard email protocols such as IMAP and SMTP, making it compatible with a wide range of email servers.

The exploitation of the vulnerability can lead to information disclosure via malicious link references in plain/text messages.

The vulnerability was discovered by Niraj Shivtarka, it impacts Roundcube before 1.4.14, 1.5.x before 1.5.4, and 1.6.x before 1.6.3. The vulnerability was fixed with the release of version 1.6.3.

According to Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities, FCEB agencies have to address the identified vulnerabilities by the due date to protect their networks against attacks exploiting the flaws in the catalog.

Experts recommend also private organizations review the Catalog and address the vulnerabilities in their infrastructure.

CISA orders federal agencies to fix this vulnerability by March 4, 2024.

In October, Russia-linked APT group Winter Vivern (aka TA473) was observed exploiting another zero-day flaw in Roundcube webmail software.

ESET researchers pointed out that is a different vulnerability than CVE-2020-35730, that the group exploited in other attacks.

ESET reported the zero-day to Roundcube, and the company patched the issue on October 14th, 2023. The vulnerability affects Roundcube versions 1.6.x before 1.6.4, 1.5.x before 1.5.5, and 1.4.x before 1.4.15.

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Pierluigi Paganini

(SecurityAffairs – Hacking, Known Exploited Vulnerabilities catalog)

Hacking hacking news information security news IT Information Security Known Exploited Vulnerabilities Catalog Pierluigi Paganini Roundcube Security Affairs Security News

you might also like

Pierluigi Paganini September 25, 2025
U.S. CISA adds CISCO Secure Firewall ASA and Secure FTD flaws to its Known Exploited Vulnerabilities catalog
Read more
Pierluigi Paganini September 25, 2025
Operation HAECHI VI seized $439M from global cybercrime rings
Read more

leave a comment

newsletter

Subscribe to my email list and stay
up-to-date!

recent articles

U.S. CISA adds CISCO Secure Firewall ASA and Secure FTD flaws to its Known Exploited Vulnerabilities catalog

Hacking / September 25, 2025

Operation HAECHI VI seized $439M from global cybercrime rings

Cyber Crime / September 25, 2025

Volvo North America disclosed a data breach following a ransomware attack on IT provider Miljödata

Data Breach / September 25, 2025

Cisco fixed actively exploited zero-day in Cisco IOS and IOS XE software

Hacking / September 25, 2025

Nation-State hackers exploit Libraesva Email Gateway flaw

Hacking / September 24, 2025