Advertisement
Top
image credit: Freepik

Alert: CISA Warns of Active ‘Roundcube’ Email Attacks – Patch Now

February 13, 2024

Via: The Hacker News
Category:

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added a medium-severity security flaw impacting Roundcube email software to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation.

The issue, tracked as CVE-2023-43770 (CVSS score: 6.1), relates to a cross-site scripting (XSS) flaw that stems from the handling of linkrefs in plain text messages.

“Roundcube Webmail contains a persistent cross-site scripting (XSS) vulnerability that can lead to information disclosure via malicious link references in plain/text messages,” CISA said.

Read More on The Hacker News

RELATED PUBLICATIONS

TikTok is another step closer to a ban in the US following Senate vote
The cloud is not a slam dunk platform for generative AI
The dawn of intelligent and automated data orchestration

Latest Publications

Hackers Exploiting WP-Automatic Plugin Bug to Create Admin Accounts on WordPress Sites
Qualcomm claims its Snapdragon X Plus is an M3 beater, but is it really?
AMD’s Zen 5 CPUs are ‘imminent’ and another motherboard maker seemingly confirms them as Ryzen 9000 chips
Do you need to repatriate from the cloud?
TikTok is another step closer to a ban in the US following Senate vote
Technology Curated Copyright © 2024. All rights reserved
Go to ITCurated!