Cyber Security News

CISA Warns Of Active Attacks on Roundcube Webmail XSS Vulnerability

CISA, the Cybersecurity and Infrastructure Security Agency, has issued a warning regarding a Cross-Site Scripting (XSS) vulnerability in Roundcube Webmail that is currently being targeted by attackers in the wild.

The flaw is triggered simply by a user opening a crafted message in the webmail client, so organizations running unpatched Roundcube instances are at high risk of compromise and should update without delay.

The vulnerability, tracked as CVE-2023-43770 with a CVSS score of 6.1, was reported by Zscaler researcher Niraj Shivtarkar.

Roundcube is a PHP-based, browser-accessed IMAP email client. It runs on a range of web servers, including Apache, LiteSpeed, Nginx, Lighttpd, Hiawatha, and Cherokee, and supports MySQL, PostgreSQL, and SQLite as its database backend.

It is a persistent XSS: a plain-text message carrying malicious link references is rendered unsafely when the recipient opens it, so attacker-supplied script runs in the victim's webmail session and can expose sensitive information from that session.
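The advisory gives no code, and the snippet below is not Roundcube's own rcube_string_replacer; it is an added illustration of the bug class only: a plain-text message is converted to HTML, "[n] URL" link references (a constructed syntax) become anchors, and the unsafe renderer copies the attacker-controlled URL text straight into href="" while the hardened renderer allow-lists the scheme and escapes the value as an attribute. The sample message is constructed.

```python
"""Illustration of the bug class behind CVE-2023-43770 (added example; NOT
Roundcube's rcube_string_replacer). The "[n] URL" reference syntax and the
sample message are constructed for the demonstration."""
import html
import re
from urllib.parse import urlsplit

# Definition line: "[1] https://example.com" on its own line (constructed syntax).
DEF_RE = re.compile(r'^\[(\d+)\]\s+(\S+)\s*$', re.MULTILINE)
# In-text reference: "...the report[1]".
REF_RE = re.compile(r'\[(\d+)\]')
ALLOWED_SCHEMES = {'http', 'https', 'mailto'}


def parse_linkrefs(text):
    """Map reference number -> URL for every definition line in the message."""
    return {int(n): url for n, url in DEF_RE.findall(text)}


def _render(text, href_for):
    """Shared renderer: body text is HTML-escaped and references become anchors.
    href_for(url) returns the attribute value to emit, or None to leave the
    reference as plain text."""
    refs = parse_linkrefs(text)
    body = html.escape(DEF_RE.sub('', text))

    def repl(m):
        url = refs.get(int(m.group(1)))
        href = href_for(url) if url is not None else None
        if href is None:
            return m.group(0)
        return '<a href="%s">[%s]</a>' % (href, m.group(1))

    return REF_RE.sub(repl, body)


def render_unsafe(text):
    """Vulnerable: attacker-controlled URL text lands verbatim inside href=""."""
    return _render(text, lambda url: url)


def safe_href(url):
    """Allow-list the scheme, then escape quotes, angle brackets and ampersands."""
    try:
        scheme = urlsplit(url).scheme.lower()
    except ValueError:          # e.g. a malformed IPv6 literal in the host part
        return None
    if scheme not in ALLOWED_SCHEMES:
        return None             # drops javascript:, data:, vbscript:, ...
    return html.escape(url, quote=True)


def render_safe(text):
    """Hardened: same output shape, but the attribute cannot be broken out of."""
    return _render(text, safe_href)


# Constructed attacker message: the "URL" closes the href attribute and adds an
# event handler, which the unsafe renderer emits as live HTML.
SAMPLE = ('Please review the report[1] before the meeting.\n\n'
          '[1] https://example.com/"onmouseover="alert(document.cookie)\n')

if __name__ == '__main__':
    print(render_unsafe(SAMPLE))
    print(render_safe(SAMPLE))
```

The safe variant does two independent things, and both are needed: attribute escaping stops the break-out shown in the sample, while the scheme allow-list stops a syntactically harmless `javascript:` reference that escaping alone would pass through untouched.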

The vulnerability affects all Roundcube versions earlier than 1.4.14 (including the 1.3.x line that some distributions still ship), 1.5.x versions before 1.5.4, and 1.6.x versions before 1.6.3.

The fix shipped in Roundcube 1.6.3, released on September 15, 2023; the corresponding fixed releases for the older branches are 1.5.4 and 1.4.14.

CISA Adds to KEV

CISA added CVE-2023-43770 to its Known Exploited Vulnerabilities (KEV) catalog on February 12, 2024. Its standing guidance for KEV entries applies: apply the vendor's mitigations, or discontinue use of the product if no mitigation is available.

Shodan, the search engine for internet-connected devices, shows more than 132,000 Roundcube servers reachable from the public internet. Exposure alone does not make an instance vulnerable; what matters is whether each one has been updated to a fixed version, which the Shodan count does not tell you.

Roundcube Servers on Internet

Fix Available

The stable release Roundcube Webmail 1.6.3 is available now, and all production installations of Roundcube 1.6.x should be updated to it.

For Debian 10 (buster), the fix is carried in package version 1.3.17+dfsg.1-1~deb10u3, so upgrade the roundcube packages. Note that this is a backported fix: the package keeps the upstream version number 1.3.17, which on its own would fall inside the affected range.

Divya is a Senior Journalist at Cyber Security news covering Cyber Attacks, Threats, Breaches, Vulnerabilities and other happenings in the cyber world.
