Stored XSS vulnerability in Roundcube
CVE-2023-5631
Key Information:
- Vendor: Roundcube
- CVE Published: 18 October 2023
What is CVE-2023-5631?
Roundcube before 1.4.15, 1.5.x before 1.5.5, and 1.6.x before 1.6.4 allows stored XSS via an HTML e-mail message containing a crafted SVG document, because of how program/lib/Roundcube/rcube_washtml.php (the sanitiser Roundcube runs over HTML messages before rendering them) handles that SVG content. A remote attacker only has to send the crafted message to a victim: when the recipient views it in Roundcube, the attacker's JavaScript executes in the recipient's browser within their webmail session.
CISA has reported CVE-2023-5631
CISA provides regional cyber and physical services to support security and resilience across the United States. CISA monitors the most dangerous vulnerabilities and has identified CVE-2023-5631 as being exploited in the wild; it is not known by CISA to be used in ransomware campaigns. This assessment is subject to change.
CISA's recommendation is: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Affected Version(s)
Roundcubemail 1.6.0 through 1.6.3 (fixed in 1.6.4)
Roundcubemail 1.5.0 through 1.5.4 (fixed in 1.5.5)
Roundcubemail 1.4.0 through 1.4.14 (fixed in 1.4.15)
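The fixed versions above come straight from the CVE description, but comparing a deployed install against three branch-specific cut-offs by hand is error-prone (the 1.4/1.5/1.6 branches were patched in parallel, so "newer" does not always mean "fixed"). The following script is an added example, not code from this page or from the Roundcube project: it reads the RCMAIL_VERSION constant that Roundcube defines in program/include/iniset.php (that path and the exact define() format are assumptions; confirm them against your install) and reports whether the version falls inside an affected range. Pre-release strings such as 1.6.4-rc are treated conservatively as older than the matching release, since a release candidate may predate the fix. The embedded iniset.php snippet is constructed sample input, not the real file.

```python
import re
import sys
from typing import Optional, Tuple

# Fixed versions per the CVE-2023-5631 description: everything before
# 1.4.15, 1.5.x before 1.5.5 and 1.6.x before 1.6.4 is affected.
# Tuples are (major, minor, patch, final) where final=1 marks a plain
# release and final=0 a pre-release (rc/beta/git) of that number.
FIXED_VERSIONS = {
    (1, 4): (1, 4, 15, 1),
    (1, 5): (1, 5, 5, 1),
    (1, 6): (1, 6, 4, 1),
}
NEWEST_FIX = (1, 6, 4, 1)

# Assumed format of the version define in program/include/iniset.php:
#   define('RCMAIL_VERSION', '1.6.3');
_DEFINE_RE = re.compile(
    r"define\(\s*['\"]RCMAIL_VERSION['\"]\s*,\s*['\"]([^'\"]+)['\"]\s*\)"
)

# Constructed sample of iniset.php for stand-alone runs (not the real file).
SAMPLE_INISET = """<?php
// constructed sample, not Roundcube's real iniset.php
define('RCMAIL_VERSION', '1.6.3');
define('RCMAIL_START', microtime(true));
"""


def parse_version(text: str) -> Tuple[int, int, int, int]:
    """Map '1.6.3', '1.6.4-rc' or '1.6-git' to (major, minor, patch, final)."""
    m = re.match(r"\s*(\d+(?:\.\d+)*)(.*)$", text)
    if not m:
        raise ValueError(f"unrecognised Roundcube version: {text!r}")
    parts = [int(p) for p in m.group(1).split(".")]
    parts = (parts + [0, 0, 0])[:3]  # pad '1.6' to (1, 6, 0)
    final = 1 if m.group(2).strip() == "" else 0  # any suffix => pre-release
    return (parts[0], parts[1], parts[2], final)


def is_vulnerable(version: str) -> bool:
    """True if this Roundcube version is inside a CVE-2023-5631 affected range."""
    v = parse_version(version)
    branch = v[:2]
    if branch in FIXED_VERSIONS:
        return v < FIXED_VERSIONS[branch]
    if branch < (1, 4):
        return True  # older than every fixed branch, so unpatched
    # Later branches (1.7+) are assumed to carry the fix.
    return v < NEWEST_FIX


def find_version_in_iniset(php_source: str) -> Optional[str]:
    """Extract the RCMAIL_VERSION value from iniset.php source text."""
    m = _DEFINE_RE.search(php_source)
    return m.group(1) if m else None


def check_install(php_source: str) -> Tuple[str, bool]:
    """Return (version, vulnerable) for the given iniset.php contents."""
    version = find_version_in_iniset(php_source)
    if version is None:
        raise ValueError("RCMAIL_VERSION define not found in source")
    return version, is_vulnerable(version)


if __name__ == "__main__":
    # Usage: python check_roundcube.py /path/to/program/include/iniset.php
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8", errors="replace") as fh:
            source = fh.read()
    else:
        source = SAMPLE_INISET
    ver, vuln = check_install(source)
    status = "VULNERABLE to CVE-2023-5631" if vuln else "not affected"
    print(f"Roundcube {ver}: {status}")
```

Run it against the real iniset.php of each webmail host; a version string that parses but lands on an unexpected branch is reported as fixed only if it is numerically newer than 1.6.4, so a custom or heavily back-ported build still deserves a manual look at the washtml code.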
EPSS Score
90% chance of being exploited in the next 30 days.
Timeline
- Vulnerability reserved
- Vulnerability published (18 October 2023)
- 🟡 Public PoC available
- 👾 Exploit known to exist
- 🦅 CISA reported