Description

Roundcube before 1.4.14, 1.5.x before 1.5.4, and 1.6.x before 1.6.3 allows XSS via text/plain e-mail messages with crafted links because of program/lib/Roundcube/rcube_string_replacer.php behavior.

Remediation

References

CVE-2023-43770

Related Vulnerabilities

WordPress Plugin Gallery-Flagallery Photo Portfolio 'facebook.php' Cross-Site Scripting (1.56)

WordPress Plugin Duplicate Theme Unspecified Vulnerability (0.1.4)

MediaWiki Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2019-12466)

Jenkins Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2017-2609)

WordPress Plugin Qiniu Cloudtuchuang Cross-Site Scripting (1.8)

Severity

Medium

Classification

CVE-2023-43770 CWE-707 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Tags

Missing Update Known Vulnerabilities