"CISA: Roundcube Email Server Bug Now Exploited in Attacks"

According to the Cybersecurity and Infrastructure Security Agency (CISA), a Roundcube email server vulnerability patched in September 2023 is being actively exploited in Cross-Site Scripting (XSS) attacks. The security vulnerability, tracked as CVE-2023-43770, is a persistent XSS flaw that enables attackers to gain access to restricted information. CISA has added the vulnerability to its Known Exploited Vulnerabilities (KEV) catalog, warning that these security flaws pose significant risks to the federal enterprise. Shodan currently tracks more than 132,000 Internet-accessible Roundcube servers, but no information is available regarding how many are vulnerable to ongoing attacks involving CVE-2023-43770 exploits. This article continues to discuss CISA's warning regarding the exploitation of the Roundcube email server bug.

Bleeping Computer reports "CISA: Roundcube Email Server Bug Now Exploited in Attacks"

Submitted by grigby1