Attackers have exploited an XSS vulnerability (CVE-2024-37383) in the Roundcube Webmail client to target a governmental organization of a CIS country, Positive Technologies (PT) analysts have discovered. The vulnerability was patched in May 2024, in Roundcube Webmail versions 1.5.7 and 1.6.7. The email carrying the exploit was sent in June 2024. About CVE-2024-37383 Roundcube is an open-source, browser-based IMAP client with a user interface that makes it look like a standalone application. CVE-2024-37383 is a … More
The post Roundcube XSS flaw exploited to steal credentials, email (CVE-2024-37383) appeared first on Help Net Security.
