CVE-2023-5631 — Roundcube Webmail Persistent Cross-Site Scripting (XSS) Vulnerability

2023-10-26 • CISA Known Exploited Vulnerability

[event] Roundcube Webmail contains a persistent cross-site scripting (XSS) vulnerability that allows a remote attacker to run malicious JavaScript code.

> AFFECTED SOFTWARE

Field	Value
Vendor	Roundcube
Product	Webmail
CWE	CWE-79
CVE ID	CVE-2023-5631
Date Added	2023-10-26
Due Date	2023-11-16
Ransomware Campaign	Unknown

> MITIGATION

Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Due Date: 2023-11-16

> REFERENCES

[1] https://roundcube.net/news/2023/10/16/security-update-1.6.4-released,
[2] https://roundcube.net/news/2023/10/16/security-updates-1.5.5-and-1.4.15
[3] https://nvd.nist.gov/vuln/detail/CVE-2023-5631