Roundcube Webmail Vulnerability Exploited in Government Attack
A threat actor was caught attempting to exploit a recent vulnerability in Roundcube Webmail against a governmental organization in a Commonwealth of Independent States (CIS) country, cybersecurity firm Positive Technologies reports.
Tracked as CVE-2024-37383 and described as a cross-site scripting (XSS) issue affecting the way Roundcube was handling SVG animate attributes, the bug was patched on May 19 in Roundcube Webmail versions 1.5.7 and 1.6.7.
See more: https://www.securityweek.com/roundcube-webmail-vulnerability-exploited-in-government-attack/
#cybersecurity #security