- Description: Roundcube Webmail before 1.5.7 and 1.6.x before 1.6.7 allows XSS via SVG animate attributes.
- Source: cve@mitre.org
- NVD status: Analyzed
CVSS 3.1
- Type: Primary
- Base score: 6.1
- Impact score: 2.7
- Exploitability score: 2.8
- Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
- Severity: MEDIUM
Data from CISA
- Vulnerability name: RoundCube Webmail Cross-Site Scripting (XSS) Vulnerability
- Exploit added on: Oct 24, 2024
- Exploit action due: Nov 14, 2024
- Required action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
We added ASA & FTD and Webmail vulnerabilities CVE-2024-20481 & CVE-2024-37383 to our Known Exploited Vulnerabilities Catalog. Visit https://t.co/H5QZSnKtsZ & apply mitigations to protect your org from cyberattacks. #Cybersecurity #InfoSec https://t.co/Sk2WWTO2hM
@Refund_Agency
28 Jan 2025
19 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
[1day1line] CVE-2024-37383: Stored XSS vulnerability in Roundcube webmail https://t.co/it24f3rzDa This vulnerability is caused by improper filtering of SVG tags. It allows malicious JavaScript code to execute a stored XSS attack via specific tags when a user views a crafted… ht
@hackyboiz
8 Jan 2025
1081 Impressions
6 Retweets
19 Likes
8 Bookmarks
0 Replies
0 Quotes
We added ASA & FTD and Webmail vulnerabilities CVE-2024-20481 & CVE-2024-37383 to our Known Exploited Vulnerabilities Catalog. Visit https://t.co/2xfJoXAFC5 & apply mitigations to protect your org from cyberattacks. #Cybersecurity #InfoSec https://t.co/TNdehHOnTy
@Scam___RefundHQ
5 Dec 2024
3 Impressions
1 Retweet
2 Likes
0 Bookmarks
0 Replies
0 Quotes
We added ASA & FTD and Webmail vulnerabilities CVE-2024-20481 & CVE-2024-37383 to our Known Exploited Vulnerabilities Catalog. Visit https://t.co/hcn98PHn8G & apply mitigations to protect your org from cyberattacks. #Cybersecurity #InfoSec https://t.co/9WdB8Cvfnd
@SafeZone_Cyber
25 Nov 2024
11 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨Alert🚨CVE-2024-37383: 👇 /product.name="Roundcube Webmail" SHODAN: http.component:"RoundCube" FOFA: app="Roundcube-Webmail" https://t.co/SER2XWYVMi
@yunus_huse5646
25 Nov 2024
9 Impressions
1 Retweet
0 Likes
0 Bookmarks
1 Reply
0 Quotes
🚨Alert🚨CVE-2024-37383: Roundcube webmail vulnerability targeting government agencies 📰Refer: https://t.co/9PVX84pKIi… 📊 More than 2.7 million services are found each year. 👇Query /product.name="Roundcube Webmail" SHODAN:… https://t.co/s8D9MEVzEF h
@BugHunterMX
24 Nov 2024
62 Impressions
1 Retweet
2 Likes
0 Bookmarks
0 Replies
0 Quotes
We added ASA & FTD and Webmail vulnerabilities CVE-2024-20481 & CVE-2024-37383 to our Known Exploited Vulnerabilities Catalog. Visit https://t.co/yk5oYRh1Ta & apply mitigations to protect your org from cyberattacks. #Cybersecurity #InfoSec https://t.co/sV14ITJnsR
@kim_Cyberhack
18 Nov 2024
30 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
We added ASA & FTD and Webmail vulnerabilities CVE-2024-20481 & CVE-2024-37383 to our Known Exploited Vulnerabilities Catalog. Visit https://t.co/Ixc0xLuq5Q & apply mitigations to protect your org from cyberattacks. #Cybersecurity #InfoSec https://t.co/2smn5hOV66
@Scamreportcommi
18 Nov 2024
55 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
🚨Alert🚨CVE-2024-37383: Roundcube Webmail Vulnerability Targeting Government Agencies 📰Refer: https://t.co/qUsBu5woC8 📊 2.7M+ Services are found on https://t.co/ysWb28BTvF yearly. 🔗Hunter Link: https://t.co/BZe1fAjhlA 👇Query HUNTER:/product.name="Roundcube Webmail" SHODAN:…
@HunterMapping
13 Nov 2024
4693 Impressions
37 Retweets
93 Likes
26 Bookmarks
1 Reply
0 Quotes
🚨Vulnerability (CVE-2024-37383) discovered in #Roundcube, exploited in phishing attacks! 📷 Search for tech_stack: "Roundcube" in #Criminal_IP to find vulnerable Roundcube webmail servers used in more than 100 countries. Learn how to find vulnerabilities and exposed servers: https://t.co/JUkWKmPugc https:
@CriminalIP_AR
12 Nov 2024
26 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
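🚨Discovered: the #RoundCube vulnerability (CVE-2024-37383) being exploited in phishing attacks! With #Criminal_IP, you can check RoundCube webmail servers around the world that are exposed to this vulnerability threat! 🔎Query: tech_stack: "Roundcube"… https://t.co/5dlDPDHkTH https://t.co/TjGl8BGdLi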
@CriminalIP_JP
12 Nov 2024
93 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
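🚨#RoundcubeVulnerability (CVE-2024-37383) exploited in phishing attacks discovered! With #Criminal_IP, you can check Roundcube webmail servers worldwide that are exposed to this vulnerability threat! 🔎Query: tech_stack: “Roundcube” 🌐The vulnerability abusing Roundcube webmail, which is in use in more than 100 countries, along with countermeasures and threat hunting tools… https://t.co/NGWsGXwtsS https://t.co/PbhOPRbt8w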
@CriminalIP_KR
12 Nov 2024
65 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
🚨New Roundcube Vulnerability (CVE-2024-37383) Exploited in Phishing Attacks! With #Criminal_IP, you can identify Roundcube webmail servers exposed to this threat worldwide! 🔎 Query: tech_stack: "Roundcube" 🌐 Learn about this Roundcube vulnerability, mitigation steps, and tools…
@CriminalIP_US
12 Nov 2024
879 Impressions
3 Retweets
4 Likes
0 Bookmarks
0 Replies
1 Quote
We added ASA & FTD and Webmail vulnerabilities CVE-2024-20481 & CVE-2024-37383 to our Known Exploited Vulnerabilities Catalog. Visit https://t.co/Cge6MdMFpU & apply mitigations to protect your org from cyberattacks. #Cybersecurity #InfoSec https://t.co/4sp0wbENJt
@ScamRetrieverHQ
8 Nov 2024
33 Impressions
7 Retweets
7 Likes
0 Bookmarks
0 Replies
0 Quotes
We added ASA & FTD and Webmail vulnerabilities CVE-2024-20481 & CVE-2024-37383 to our Known Exploited Vulnerabilities Catalog. Visit https://t.co/xkvXcYkRFY & apply mitigations to protect your org from cyberattacks. #Cybersecurity #InfoSec https://t.co/pKQuR3kJ2u
@Scam_refundhq
7 Nov 2024
25 Impressions
8 Retweets
8 Likes
0 Bookmarks
0 Replies
0 Quotes
Latest Known Exploited Vulnerabilities (#KEV) : #CVE-2024-37383 RoundCube #Webmail Cross-Site Scripting (XSS) Vulnerability https://t.co/RaMvNnNJY1
@ScyScan
4 Nov 2024
32 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Roundcube mail server exploit for CVE-2024-37383 (Stored XSS) https://t.co/rLxX9sCOwT
@hanul93
4 Nov 2024
22 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
CVE-2024-47575 is getting exploited #inthewild. Find out more at https://t.co/cD0zNEqBsj CVE-2024-37383 is getting exploited #inthewild. Find out more at https://t.co/5zoqrMDf9r CVE-2024-20481 is getting exploited #inthewild. Find out more at https://t.co/p3faEF8Jc8
@inthewildio
1 Nov 2024
3 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Roundcube Webmail XSS vulnerability CVE-2024-37383: exploitation in phishing attacks confirmed https://t.co/V3FzLMgylp #APT28 #Exploit #OpenSource #Phishing #PositiveTechnologies #Roundcube #Scammer #Vulnerability #Webmail #WinterVivern #XSS
@iototsecnews
29 Oct 2024
10 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
We added ASA & FTD and Webmail vulnerabilities CVE-2024-20481 & CVE-2024-37383 to our Known Exploited Vulnerabilities Catalog. Visit https://t.co/3DEDvrRAeV & apply mitigations to protect your org from cyberattacks. #Cybersecurity #InfoSec https://t.co/DwG3CgF2Tv
@BenzEcosystemHQ
28 Oct 2024
47 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CISA Warns of Critical Vulnerabilities: CVE-2024-20481 and CVE-2024-37383 Require Immediate Attention https://t.co/WOkfOnJtCS https://t.co/IN7vKYQQPz
@buaqbot
26 Oct 2024
43 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CISA Warns of Critical Vulnerabilities: CVE-2024-20481 and CVE-2024-37383 Require Immediate Attention https://t.co/ECiccrYxt8 https://t.co/dda4O0ZGij
@evanderburg
25 Oct 2024
61 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
csirt_it: ‼️ Active exploitation in the wild detected of the vulnerability CVE-2024-37383 in #Roundcube #Webmail Risk: 🟠 Type: 🔸 Information Disclosure 🔸 Privilege Escalation 🔗 https://t.co/ZQ9lwRLV95 ⚠ Important to update the pro… https://t.co/NY1y6GWcIn
@Vulcanux_
25 Oct 2024
16 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
‼️ Active exploitation in the wild detected of the vulnerability CVE-2024-37383 in #Roundcube #Webmail Risk: 🟠 Type: 🔸 Information Disclosure 🔸 Privilege Escalation 🔗 https://t.co/SbkrEpStef ⚠ Important to update the affected products https://t.co/gMIxvT
@csirt_it
25 Oct 2024
17 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CISA Sounds Alarm on Actively Exploited Cisco and Roundcube Vulnerabilities Don't overlook the risks! Learn about actively exploited flaws in #Cisco devices & #Roundcube webmail software: CVE-2024-37383 & CVE-2024-20481 https://t.co/LbSbLgAPrg
@the_yellow_fall
25 Oct 2024
79 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
🛡️ We added #Cisco ASA & FTD and #Roundcube Webmail vulnerabilities CVE-2024-20481 & CVE-2024-37383 to our Known Exploited Vulnerabilities Catalog. Visit https://t.co/myxOwap1Tf & apply mitigations to protect your org from cyberattacks. #Cybersecurity #InfoSec https:
@CISACyber
24 Oct 2024
4705 Impressions
13 Retweets
23 Likes
3 Bookmarks
0 Replies
2 Quotes
Latest Known Exploited Vulnerabilities (#KEV) : #CVE-2024-37383 RoundCube #Webmail Cross-Site Scripting (XSS) Vulnerability https://t.co/RaMvNnNJY1
@ScyScan
24 Oct 2024
35 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
#AppSec #WebApp_Security 1. Fake attachment. Roundcube mail server attacks exploit CVE-2024-37383 vulnerability https://t.co/2LAyAGmKOW 2. SAP Ping Pong - XSS and URL Redirection Vulnerabilities https://t.co/2t3F73rrP4
@akaclandestine
24 Oct 2024
800 Impressions
2 Retweets
11 Likes
2 Bookmarks
0 Replies
0 Quotes
#AppSec #WebApp_Security 1. Fake attachment. Roundcube mail server attacks exploit CVE-2024-37383 vulnerability https://t.co/4TAmmG9Dnx 2. SAP Ping Pong - XSS and URL Redirection Vulnerabilities https://t.co/pIivoB2ANi
@ksg93rd
23 Oct 2024
70 Impressions
0 Retweets
1 Like
1 Bookmark
0 Replies
0 Quotes
Roundcube mail server attacks exploit CVE-2024-37383 vulnerability. An XSS leading to remote email collection. https://t.co/Y5jPlwxYBC
@XssPayloads
23 Oct 2024
2220 Impressions
6 Retweets
26 Likes
5 Bookmarks
0 Replies
0 Quotes
"The distinctive attribute name (attributeName="href "), containing an extra space, indicated that the email was an attempt to exploit the CVE-2024-37383 #vulnerability in #RoundcubeWebmail." https://t.co/5OtaboUWZM
@MalwarePatrol
22 Oct 2024
67 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Roundcube XSS flaw exploited to steal credentials, email (CVE-2024-37383): Attackers have exploited an XSS vulnerability (CVE-2024-37383) in the Roundcube Webmail client to target a governmental organization of a CIS country, Positive Technologies (PT)… https://t.co/vuW679mDrW ht
@cipherstorm
22 Oct 2024
55 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
#Roundcube XSS flaw exploited to steal credentials, #email (#CVE-2024-37383) https://t.co/qanazuhf5B
@ScyScan
22 Oct 2024
34 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Roundcube XSS flaw exploited to steal credentials, email (CVE-2024-37383) https://t.co/EBJ0AGUXHo #HelpNetSecurity #Cybersecurity https://t.co/tn39e8sMJz
@PoseidonTPA
22 Oct 2024
9 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Roundcube XSS flaw exploited to steal credentials, email (CVE-2024-37383): Attackers have exploited an XSS vulnerability (CVE-2024-37383) in the Roundcube Webmail client to target a governmental organization of a CIS country, Positive Technologies (PT)… https://t.co/6bvAru3i11 ht
@shah_sheikh
22 Oct 2024
34 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
#Roundcube XSS flaw exploited to steal credentials, email (#CVE-2024-37383) https://t.co/qWV4hLKSur https://t.co/HslWKC6bQi
@evanderburg
22 Oct 2024
74 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Positive Technologies researchers have uncovered a critical exploit targeting Roundcube Webmail (CVE-2024-37383). Cybercriminals are using a stored XSS flaw to steal credentials and compromise emails. 🔗Read more: https://t.co/POhTxfVRGM #EmailSecurity #ISBNews @ptsecurity
@Info_Sec_Buzz
22 Oct 2024
31 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
#DOYOUKNOWCVE CVE-2024-37383: A stored cross-site scripting vulnerability in the Roundcube webmail software that enables an attacker to execute JavaScript code on the user's page. Attackers are exploiting the vulnerability by a malicious email using a Roundcube client version…
@Loginsoft_Inc
21 Oct 2024
90 Impressions
1 Retweet
4 Likes
0 Bookmarks
0 Replies
0 Quotes
Fake attachment. Roundcube mail server attacks exploit CVE-2024-37383 vulnerability https://t.co/yEqQhx7Ixf
@Cyber_O51NT
21 Oct 2024
636 Impressions
1 Retweet
3 Likes
2 Bookmarks
0 Replies
0 Quotes
💡Microsoft creates fake Azure tenants to lure phishing attackers into honeypots ⚠️Hackers exploit an XSS vulnerability in Roundcube webmail to steal login credentials (CVE-2024-37383) ~Cybersecurity weekend topics~ https://t.co/QmvsHVMHnr #Security #Intelligence #OSINT
@MachinaRecord
21 Oct 2024
19 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Fake attachment. Roundcube mail server attacks exploit CVE-2024-37383 vulnerability. ↘️ https://t.co/XybfLsG8Lg
@SwitHak
20 Oct 2024
1368 Impressions
3 Retweets
6 Likes
4 Bookmarks
1 Reply
0 Quotes
💥 Hackers can execute code in your inbox! Vulnerabilities like CVE-2024-37383 let attackers exploit Roundcube. 🛡️ Tip: Always update your email clients to avoid risks. Have you updated yours recently?
@Guardians_Cyber
20 Oct 2024
7 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
About Cross Site Scripting - #Roundcube Webmail (CVE-2024-37383) vulnerability. In September 2024, specialists from the TI department of the #PositiveTechnologies ESC discovered a malicious email with signs of exploitation of this vulnerability. ➡️ https://t.co/ceUN22qt1n https:/
@leonov_av
73 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:roundcube:webmail:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "018530A6-4785-49CC-8868-90824E79CA82",
            "versionEndExcluding": "1.5.7"
          },
          {
            "criteria": "cpe:2.3:a:roundcube:webmail:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1964E474-BED1-4806-A9D0-848BC3D93C0E",
            "versionEndExcluding": "1.6.7",
            "versionStartIncluding": "1.6.0"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]