Loading HuntDB...
Hunt
Vulnerability Intelligence by wss.sh
Home Daily Briefings High Impact CVEs Recent Exploits KEV Catalog GitHub Advisories Latest Updates Security News
Sign In Sign Up
Back to KEV List

RoundCube Webmail Cross-Site Scripting (XSS) Vulnerability

Added Oct. 24, 2024 Due Nov. 14, 2024 CVE-2024-37383
Overdue Roundcube / Webmail CWE-79

Description

RoundCube Webmail contains a cross-site scripting (XSS) vulnerability in the handling of SVG animate attributes that allows a remote attacker to run malicious JavaScript code.

Required Action

Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

References

Additional Information

Catalog Version
2025.01.24
Catalog Released
Jan. 24, 2025
Days Until Due
0 days
Last Updated
9 months, 3 weeks ago