Roundcube Webmail XSS Vulnerability

CVE-2024-37383

6.1MEDIUM

Key Information

Vendor: Roundcube Webmail
Status: Webmail
Vendor: CVE Published:; 7 June 2024

Badges

💰 Ransomware👾 Exploit Exists🟡 Public PoC🦅 CISA Reported📰 News Worthy

Summary

The Roundcube Webmail XSS Vulnerability, identified as CVE-2024-37383, allows for the exploitation of a cross-site scripting (XSS) vulnerability in Roundcube Webmail before versions 1.5.7 and 1.6.x prior to 1.6.7. This vulnerability enables the injection of malicious scripts that could lead to data theft and session hijacking. This XSS flaw has been exploited by threat actors in the wild, potentially putting users and organizations at risk. The potential impact of this vulnerability includes the compromise of sensitive information and unauthorized access to affected systems. Check Point IPS provides protection against this vulnerability.

CISA Reported

CISA provides regional cyber and physical services to support security and resilience across the United States. CISA monitor the most dangerious vulnerabilities and have identifed CVE-2024-37383 as being exploited but is not known by the CISA to be used in ransomware campaigns. This is subject to change at pace as recent news articles suggest the vulnerability is being used by ransomware groups.

The CISA's recommendation is: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2024-37383-POC
Created by bartfroklage

CVE-2024-37383-exploit
Created by amirzargham