CISA: Roundcube email server bug now exploited in attacks

February 12, 2024 at 02:03PM CISA warns of active exploitation of Roundcube email server vulnerability (CVE-2023-43770), impacting versions newer than 1.4.14, 1.5.x before 1.5.4, and 1.6.x before 1.6.3. The security flaw leads to persistent cross-site scripting attacks. CISA has added it to the Known Exploited Vulnerabilities Catalog, urging immediate patching by federal agencies and private … Read more