CVE-2023-43770

Published: 22/09/2023 Updated: 13/02/2024
CVSS v3 Base Score: 6.1 | Impact Score: 2.7 | Exploitability Score: 2.8
VMScore: 0

Vulnerability Summary

Roundcube prior to 1.4.14, 1.5.x prior to 1.5.4, and 1.6.x prior to 1.6.3 allows XSS via text/plain e-mail messages with crafted links because of program/lib/Roundcube/rcube_string_replacer.php behavior.

Vulnerable Product

roundcube webmail

debian debian linux 10.0

Github Repositories

A Proof-Of-Concept for the CVE-2023-43770 vulnerability.

CVE-2023-43770 POC: A Proof-Of-Concept for the recently found CVE-2023-43770 vulnerability. Roundcube before 1.4.14, 1.5.x before 1.5.4, and 1.6.x before 1.6.3 allows XSS via text/plain e-mail messages with crafted links because of program/lib/Roundcube/rcube_string_replacer.php behavior. Usage: python cve-2023-43770.py -e attacker@gmail.com -p Attack3rPwd -t victim@example.com

PoC for Stored XSS (CVE-2023-43770) Vulnerability

CVE-2023-43770-PoC: PoC for Stored XSS (CVE-2023-43770) Vulnerability. Description: Roundcube before 1.4.14, 1.5.x before 1.5.4, and 1.6.x before 1.6.3 allows XSS via text/plain e-mail messages with crafted links because of program/lib/Roundcube/rcube_string_replacer.php behavior. Attack Chain: Crafted Email -> Victim receives & opens the email -> javascript e