On Monday, the United States Cybersecurity and Infrastructure Security Agency (CISA) added a medium-severity security flaw affecting Roundcube email software to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence that the problem was being actively exploited.

Tracked as CVE-2023-43770 with a CVSS score of 6.1, the issue is a cross-site scripting (XSS) vulnerability caused by the way linkrefs are handled in plain text messages.

“Roundcube Webmail contains a persistent cross-site scripting (XSS) vulnerability that can lead to information disclosure via malicious link references in plain/text messages,” according to the organization.

According to the description of the problem in the National Vulnerability Database (NVD) of the National Institute of Standards and Technology (NIST), the vulnerability affects Roundcube versions before 1.4.14, 1.5.x before 1.5.4, and 1.6.x before 1.6.3.
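Because the fix landed at a different release on each branch, a single "older than 1.6.3" comparison would wrongly flag patched 1.5.4 and 1.4.14 installs. The following added example (not code from CISA, NVD or the Roundcube project) triages an inventory against the ranges quoted above; the host names, sample versions and function names are assumptions made for illustration.

```python
import re

# Fixed releases per branch, taken from the NVD ranges quoted in the article.
FIXED_BY_BRANCH = {(1, 5): (1, 5, 4), (1, 6): (1, 6, 3)}
LEGACY_FIXED = (1, 4, 14)  # "versions before 1.4.14" covers 1.4.x and older


def parse_version(text):
    """Return (major, minor, patch) from strings such as '1.6.2' or '1.6-rc'.

    Assumption: suffixes like '-rc' or '-git' are ignored and a missing
    patch number counts as 0.
    """
    match = re.match(r"\s*v?(\d+)\.(\d+)(?:\.(\d+))?", text)
    if not match:
        raise ValueError(f"unrecognised Roundcube version: {text!r}")
    return tuple(int(part or 0) for part in match.groups())


def is_affected(version_text):
    """True if the version falls in a range listed for CVE-2023-43770."""
    version = parse_version(version_text)
    branch = version[:2]
    if branch in FIXED_BY_BRANCH:
        return version < FIXED_BY_BRANCH[branch]
    if branch < (1, 5):
        return version < LEGACY_FIXED
    # Branches newer than 1.6 are outside the quoted ranges.
    return False


def triage(inventory):
    """Map each host in {host: version} to 'AFFECTED', 'ok' or 'UNKNOWN'."""
    result = {}
    for host, version_text in inventory.items():
        try:
            result[host] = "AFFECTED" if is_affected(version_text) else "ok"
        except ValueError:
            result[host] = "UNKNOWN"  # needs a manual check
    return result


# Constructed sample inventory; hosts and versions are made up.
SAMPLE = {"mail-a.example": "1.6.2", "mail-b.example": "1.5.4",
          "mail-c.example": "1.4.13", "mail-d.example": "n/a"}

if __name__ == "__main__":
    for host, status in triage(SAMPLE).items():
        print(f"{host:16} {SAMPLE[host]:8} {status}")
```

Hosts reported as UNKNOWN have a version string the parser could not read and should be checked by hand rather than assumed patched.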

The Roundcube maintainers incorporated a patch for the vulnerability in version 1.6.3, which was released on September 15, 2023. Niraj Shivtarkar, a security researcher at Zscaler, is credited with detecting and disclosing the vulnerability.

Although there is currently no information available on how the vulnerability is being exploited in the field, vulnerabilities in the web-based email client have been weaponized by threat actors with links to Russia, including APT28 and Winter Vivern, in 2015.

The agencies of the United States Federal Civilian Executive Branch (FCEB) have until March 4, 2024 to apply the fixes provided by vendors in order to protect their networks from potential threats.

