Fixed Intel

CISA Known Exploited Vulnerability

This vulnerability is actively exploited in the wild and listed in the CISA Known Exploited Vulnerabilities catalog.

Remediation Deadline: Nov 16, 2023

CVE-2023-5631

High
EPSS 83.4%CISA KEV
Roundcube/Webmail

Description

Roundcube Webmail contains a persistent cross-site scripting (XSS) vulnerability that allows a remote attacker to run malicious JavaScript code.

EPSS — Exploit Probability

83.4%

Higher than 99.3% of all CVEs

Required Action

https://roundcube.net/news/2023/10/16/security-update-1.6.4-released, https://roundcube.net/news/2023/10/16/security-updates-1.5.5-and-1.4.15 ; https://nvd.nist.gov/vuln/detail/CVE-2023-5631

Risk Assessment

HIGH
In CISA KEV
High EPSS

Details

Severity
High
EPSS
83.4%
CISA KEV
Yes
Ransomware
Unknown
Articles
0

Timeline

Published

Oct 26, 2023

Added to KEV

Oct 26, 2023

Remediation Due

Nov 16, 2023

Affected Product

Roundcube

Webmail

View all Roundcube CVEs

External Links

NVD (NIST)CVE DetailsMITRE CVE