THREAT OPS › CVEs › CVE-2024-37383
CVE-2024-37383 — RoundCube Webmail Cross-Site Scripting (XSS) Vulnerability
RoundCube Webmail contains a cross-site scripting (XSS) vulnerability in the handling of SVG animate attributes that allows a remote attacker to run malicious JavaScript code.
Vulnerability details
- Affected productsWebmail
- KEV remediation due2024-11-14