CVE-2023-43770

Published: Sep 22, 2023

Modified: Oct 21, 2025

PUBLISHED

Description

Roundcube before 1.4.14, 1.5.x before 1.5.4, and 1.6.x before 1.6.3 allows XSS via text/plain e-mail messages with crafted links because of program/lib/Roundcube/rcube_string_replacer.php behavior.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://github.com/roundcube/roundcubemail/commit/e92ec206a886461245e1672d8530cc93c618a49b

https://roundcube.net/news/2023/09/15/security-update-1.6.3-released

[debian-lts-announce] 20230922 [SECURITY] [DLA 3577-1] roundcube security update

mailing-list

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2023-43770

Description

Affected Products

References