THREATOPS
THREAT OPSCVEs › CVE-2024-37383

CVE-2024-37383 — RoundCube Webmail Cross-Site Scripting (XSS) Vulnerability

CISA KEVExploited: confirmedRoundcube

RoundCube Webmail contains a cross-site scripting (XSS) vulnerability in the handling of SVG animate attributes that allows a remote attacker to run malicious JavaScript code.

Vulnerability details