CVE-2023-43770

Roundcube Webmail Persistent Cross-Site Scripting (XSS) Vulnerability

Severity Score

6.1

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

Yes

*KEV

Decision

Attend

*SSVC

Descriptions

Roundcube before 1.4.14, 1.5.x before 1.5.4, and 1.6.x before 1.6.3 allows XSS via text/plain e-mail messages with crafted links because of program/lib/Roundcube/rcube_string_replacer.php behavior.

Roundcube anterior a 1.4.14, 1.5.x anterior a 1.5.4 y 1.6.x anterior a 1.6.3 permiten XSS a través de mensajes de texto/correo electrónico plano con enlaces manipuados debido al comportamiento de program/lib/Roundcube/rcube_string_replacer.php.

It was discovered that Roundcube Webmail incorrectly sanitized characters in the linkrefs text messages. An attacker could possibly use this issue to execute a cross-site scripting attack.

Roundcube Webmail contains a persistent cross-site scripting (XSS) vulnerability that can lead to information disclosure via malicious link references in plain/text messages.

*Credits: N/A

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

Required

Scope

Changed

Confidentiality

Low

Integrity

Low

Availability

None

Attack Vector

Network

Attack Complexity

Low

Authentication

None

Confidentiality

Partial

Integrity

Partial

Availability

None

* Common Vulnerability Scoring System

SSVC

Decision:Attend

Exploitation

Active

Automatable

Tech. Impact

Partial

* Organization's Worst-case Scenario

Timeline

2023-09-22 CVE Reserved
2023-09-22 CVE Published
2023-09-27 First Exploit
2024-02-12 Exploited in Wild
2024-03-04 KEV Due Date
2024-08-02 CVE Updated
2025-03-30 EPSS Updated

CWE

CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CAPEC

References (5)

URL	Tag	Source
https://lists.debian.org/debian-lts-announce/2023/09/msg00024.html	Mailing List

URL	Date	SRC
https://github.com/s3cb0y/CVE-2023-43770-POC	2023-09-27
https://github.com/knight0x07/CVE-2023-43770-PoC	2023-09-28

URL	Date	SRC
https://github.com/roundcube/roundcubemail/commit/e92ec206a886461245e1672d8530cc93c618a49b	2024-07-03

URL	Date	SRC
https://roundcube.net/news/2023/09/15/security-update-1.6.3-released	2024-07-03

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Roundcube Search vendor "Roundcube"		Webmail Search vendor "Roundcube" for product "Webmail"				< 1.4.14 Search vendor "Roundcube" for product "Webmail" and version " < 1.4.14"		-		Affected
Roundcube Search vendor "Roundcube"		Webmail Search vendor "Roundcube" for product "Webmail"				>= 1.5.0 < 1.5.4 Search vendor "Roundcube" for product "Webmail" and version " >= 1.5.0 < 1.5.4"		-		Affected
Roundcube Search vendor "Roundcube"		Webmail Search vendor "Roundcube" for product "Webmail"				>= 1.6.0 < 1.6.3 Search vendor "Roundcube" for product "Webmail" and version " >= 1.6.0 < 1.6.3"		-		Affected
Debian Search vendor "Debian"		Debian Linux Search vendor "Debian" for product "Debian Linux"				10.0 Search vendor "Debian" for product "Debian Linux" and version "10.0"		-		Affected