About the Cross Site Scripting vulnerability in Roundcube Webmail (CVE-2024-37383). Roundcube is a web-based email client with functionality comparable to desktop email clients such as Outlook Express or Mozilla Thunderbird.
The vulnerability is caused by an error in the processing of SVG elements in the email body. When the victim opens an email from the attacker, malicious JavaScript code is executed in the context of the user’s page.
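As an added defensive illustration (not Roundcube's code and not the actual CVE-2024-37383 fix), the block below is a minimal sanitizing pass over an HTML email body of the kind a webmail client has to perform before rendering: it drops SVG subtrees and other script-carrying elements, strips inline event-handler attributes and `javascript:` URLs, and records what it removed so the decision can be logged. The sample message is constructed for the demonstration and contains only inert placeholders; the function and class names are this example's own.

```python
"""Sanitize an HTML email body before rendering it in a webmail client.

Added example, not Roundcube code and not the CVE-2024-37383 patch.
"""
import re
from html import escape
from html.parser import HTMLParser

# Elements whose whole subtree is removed. SVG is here because SVG markup
# inside an email body can carry script-bearing children and attributes.
BLOCKED_TAGS = {"svg", "script", "iframe", "object", "embed"}
# Attributes that accept URLs and therefore javascript: schemes.
URL_ATTRS = {"href", "src", "xlink:href", "action", "formaction"}
# Elements that never get an end tag; needed to keep the skip depth honest.
VOID_TAGS = {"br", "img", "hr", "input", "meta", "link", "area", "col"}


class EmailBodySanitizer(HTMLParser):
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.out = []        # sanitized fragments, joined at the end
        self.findings = []   # human-readable log of what was removed
        self.skip_depth = 0  # > 0 while inside a blocked element subtree

    def _clean_attrs(self, tag, attrs):
        kept = []
        for name, value in attrs:
            lname = name.lower()
            value = value or ""
            if lname.startswith("on"):
                self.findings.append(f"event handler {lname} on <{tag}> removed")
                continue
            # Remove whitespace and control characters before comparing, so
            # obfuscated spellings of the scheme are caught as well.
            flat = re.sub(r"[\s\x00-\x1f]", "", value).lower()
            if lname in URL_ATTRS and flat.startswith("javascript:"):
                self.findings.append(f"javascript: URL in {lname} on <{tag}> removed")
                continue
            kept.append((name, value))
        return kept

    def _render(self, tag, attrs, self_closing=False):
        rendered = "".join(f' {n}="{escape(v, quote=True)}"' for n, v in attrs)
        return f"<{tag}{rendered}{'/' if self_closing else ''}>"

    def handle_starttag(self, tag, attrs):
        if self.skip_depth:
            if tag not in VOID_TAGS:
                self.skip_depth += 1
            return
        if tag in BLOCKED_TAGS:
            self.findings.append(f"blocked element <{tag}> removed")
            self.skip_depth = 1
            return
        self.out.append(self._render(tag, self._clean_attrs(tag, attrs)))

    def handle_startendtag(self, tag, attrs):
        # Self-closing element: nothing to track for depth.
        if self.skip_depth:
            return
        if tag in BLOCKED_TAGS:
            self.findings.append(f"blocked element <{tag}> removed")
            return
        self.out.append(self._render(tag, self._clean_attrs(tag, attrs), True))

    def handle_endtag(self, tag):
        if self.skip_depth:
            if tag not in VOID_TAGS:
                self.skip_depth -= 1
            return
        self.out.append(f"</{tag}>")

    def handle_data(self, data):
        if not self.skip_depth:
            self.out.append(escape(data))
    # Comments are dropped by HTMLParser's default handle_comment.


def sanitize_email_body(html_body: str):
    """Return (sanitized_html, findings) for one HTML email body."""
    parser = EmailBodySanitizer()
    parser.feed(html_body)
    parser.close()
    return "".join(parser.out), parser.findings


# Constructed sample: inert placeholders stand in for script content.
SAMPLE_BODY = (
    "<p>Please review the attached report.</p>"
    '<svg xmlns="http://www.w3.org/2000/svg">'
    "<script>/* constructed placeholder, not a real payload */</script></svg>"
    '<a href="javascript:placeholder()">link</a>'
    '<img src="cid:logo" onerror="placeholder()">'
)

if __name__ == "__main__":
    clean, log = sanitize_email_body(SAMPLE_BODY)
    print(clean)
    for entry in log:
        print("removed:", entry)
```

The findings list is the part a defender would wire into logging: a message whose body required removal of an SVG subtree or an event handler is worth flagging for review, independently of whether the specific payload matched a known exploit.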
In September 2024, specialists from the TI department of the Positive Technologies Expert Security Center (PT ESC) discovered a malicious email with signs of exploitation of this vulnerability. It was sent to one of the government agencies of the CIS countries.
Attacks on Roundcube are not uncommon. At the end of last year, there was news about the exploitation of a similar vulnerability, CVE-2023-5631, in targeted attacks.
Update it in a timely manner!
Hi! My name is Alexander and I am a Vulnerability Management specialist. You can read more about me here. Currently, the best way to follow me is my Telegram channel @avleonovcom. I update it more often than this site. If you haven’t used Telegram yet, give it a try. It’s great. You can discuss my posts or ask questions at @avleonovchat.
And I invite all Russian speakers to one more Telegram channel, @avleonovrus, which is now where I post first.