CVE Radar

CVE-2024-37383

Severity: High
Product: Roundcube
SVRS: 58/100
CVSSv3: 6.1/10
EPSS: 0.72589/1

CVE-2024-37383 is a cross-site scripting (XSS) vulnerability in Roundcube Webmail. Versions prior to 1.5.7 and 1.6.x before 1.6.7 are affected. The flaw stems from insufficient sanitization of SVG animate attributes, which lets an attacker inject malicious script into the webmail user interface; the XSS is triggered through those SVG attributes.

With an SVRS of 58 this vulnerability is not rated critical, but it still requires attention. Successful exploitation could lead to session hijacking, theft of sensitive data, or defacement of the webmail interface. Public exploits exist and the CVE is listed in the CISA KEV catalog, which underlines the need to patch. Upgrade Roundcube Webmail to version 1.5.7, or 1.6.7 or later, to mitigate this risk.

Tags: In The Wild, Exploit Available, CISA KEV
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
2024-06-07

2024-12-20
SOCRadar AI Insight

Description:

CVE-2024-37383 is a cross-site scripting (XSS) vulnerability in Roundcube Webmail versions prior to 1.5.7 and 1.6.x before 1.6.7. It allows attackers to inject malicious scripts into the webmail interface, potentially leading to account compromise, data theft, or malware infection. The SVRS of 58 indicates a moderate risk, highlighting the need for prompt attention.

Key Insights:

  • Active Exploitation: Public exploits have been published, and attackers are actively using the vulnerability.
  • CISA Warning: The Cybersecurity and Infrastructure Security Agency (CISA) has issued a warning, urging organizations to patch their systems immediately.
  • In the Wild: The vulnerability is being actively exploited by hackers, making it crucial for organizations to take immediate action.
  • CWE-79: The vulnerability falls under CWE-79 (Cross-Site Scripting), a common web application vulnerability that allows attackers to execute malicious scripts in a user's browser.

Mitigation Strategies:

  • Apply Patches: Install the latest security patches from Roundcube Webmail to address the vulnerability.
  • Enable XSS Protection: Configure web application firewalls (WAFs) and browsers to block XSS attacks.
  • Use Content Security Policy (CSP): Implement CSP to restrict the execution of scripts from untrusted sources.
  • Educate Users: Train users to be aware of phishing emails and suspicious links that could lead to XSS attacks.


Indicators of Compromise

No IOCs found for this CVE

Exploits

Title | Software Link | Date
amirzargham/CVE-2024-37383-exploit | https://github.com/amirzargham/CVE-2024-37383-exploit | 2024-11-03
bartfroklage/CVE-2024-37383-POC | https://github.com/bartfroklage/CVE-2024-37383-POC | 2024-10-24
Roundcube Webmail 1.6.6 - Stored Cross Site Scripting (XSS) | Releases · roundcube/roundcubemail | 2025-04-11
RoundCube Webmail Cross-Site Scripting (XSS) Vulnerability | https://www.cisa.gov/search?g=CVE-2024-37383 | 2024-10-24

News

ISC StormCast for Wednesday, October 23rd, 2024
Dr. Johannes B. Ullrich, 2024-10-23, sans.edu
Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. HTTP vs. HTTPS; VMware, Unifi, Roundcube, Atlassian, OneDev patches, vulnerabilities and exploits. How much HTTP (not HTTPS) Traffic is Traversing Your Perimeter? https://isc.sans.edu/diary/How%20much%20HTTP%20%28not%20HTTPS%29%20Traffic%20is%20Traversing%20Your%20Perimeter%3F/31372 VMSA-2024-0019: VMware vCenter Server updates address heap-overflow and privilege escalation vulnerabilities (CVE-2024-38812, CVE-2024-38813) https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24968 Unifi Security Advisory Bulletin 043 [...]

FOCUS FRIDAY: ADDRESSING EXCHANGE SERVER RCE, FORTIMANAGER, GRAFANA, ROUNDCUBE WEBMAIL, AND CISCO FMC VULNERABILITIES FROM A TPRM PERSPECTIVE
Ferdi Gül, 2024-12-03, normshield.com
Welcome to this week's edition of Focus Friday, where we explore high-profile cybersecurity incidents and vulnerabilities through the lens of Third-Party Risk Management (TPRM). In today's rapidly evolving threat landscape, critical vulnerabilities pose a significant risk to organizations relying on third-party software and services. This week, we dive into several crucial [...]

FOCUS FRIDAY: TPRM INSIGHTS ON LITESPEED CACHE, RICOH WEB IMAGE MONITOR, SQUID PROXY, AND XLIGHT FTP VULNERABILITIES WITH BLACK KITE'S FOCUSTAGS™
Ferdi Gül, 2024-12-03, normshield.com
Welcome to this week's edition of FOCUS FRIDAY, where we delve into high-profile cybersecurity incidents from a Third-Party Risk Management (TPRM) perspective. In this installment, we examine critical vulnerabilities affecting widely-used products such as LiteSpeed Cache, RICOH Web Image Monitor, Squid Proxy, and Xlight FTP. By leveraging Black Kite's proprietary FocusTags™, [...]

Focus Friday: Third-Party Risk Insights Into Atlassian Jira, Ivanti Connect Secure, and Nostromo nhttpd Vulnerabilities With Black Kite's FocusTags™
Ferdi Gül, 2024-12-03, normshield.com
Welcome to this week's Focus Friday, where we delve into high-profile vulnerabilities impacting third-party software and explore their implications for Third-Party Risk Management (TPRM). This edition examines two notable vulnerabilities: the path traversal vulnerabilities in Atlassian Jira, Ivanti Connect Secure, and Nostromo nhttpd. With each vulnerability carrying the potential for severe [...]

Focus Friday: TPRM Insights On PAN-OS, PostgreSQL, and Apache Airflow Vulnerabilities
Ferdi Gül, 2024-12-03, normshield.com
This week's Focus Friday blog delves into critical vulnerabilities affecting widely used systems: PAN-OS, Apache Airflow, and PostgreSQL. These vulnerabilities, ranging from authentication bypass and privilege escalation to sensitive data exposure and arbitrary code execution, highlight the evolving threat landscape faced by organizations worldwide. From a Third-Party Risk Management (TPRM) perspective, [...]

28th October – Threat Intelligence Report
lorenf, 2024-12-02, checkpoint.com
For the latest discoveries in cyber research for the week of 28th October, please download our Threat Intelligence Bulletin. TOP ATTACKS AND BREACHES Grupo Aeroportuario del Centro Norte (OMA), operator of 13 airports across Mexico, was hacked by the RansomHub ransomware gang, who threatened to leak 3TB of stolen data unless a ransom is paid. [...]

Daily summary - 21.10.2024
CERT.at, 2024-12-02, cert.at
End-of-Day report. Timeframe: Friday 18-10-2024 18:00 - Monday 21-10-2024 18:00. Handler: Alexander Riepl. Co-Handler: Michael Schlagenhaufer. News: New macOS vulnerability, "HM Surf", could lead to unauthorized data access. Microsoft Threat Intelligence uncovered a macOS vulnerability that could potentially allow an attacker to bypass the operating system's Transparency, Consent, and Control (TCC) technology and gain unauthorized access to a user's protected data. The vulnerability, which we refer to as "HM Surf" [...]

Social Media

  • We added ASA & FTD and Webmail vulnerabilities CVE-2024-20481 & CVE-2024-37383 to our Known Exploited Vulnerabilities Catalog. Visit https://t.co/yk5oYRh1Ta & apply mitigations to protect your org from cyberattacks. #Cybersecurity #InfoSec https://t.co/sV14ITJnsR
  • 🚨 CVE ALERT. - CVE-2024-37383 This vulnerability allows attackers to steal user credentials, which potentially opens new avenues for phishing attacks. Initially reported as targeting government agencies ... https://t.co/OxsAjpMC0z
  • CVE-2024-47575 is getting exploited #inthewild. Find out more at https://t.co/cD0zNEqBsj CVE-2024-37383 is getting exploited #inthewild. Find out more at https://t.co/5zoqrMDf9r CVE-2024-20481 is getting exploited #inthewild. Find out more at https://t.co/p3faEF8Jc8
  • We added ASA & FTD and Webmail vulnerabilities CVE-2024-20481 & CVE-2024-37383 to our Known Exploited Vulnerabilities Catalog. Visit https://t.co/3DEDvrRAeV & apply mitigations to protect your org from cyberattacks. #Cybersecurity #InfoSec https://t.co/DwG3CgF2Tv
  • CISA adds two known exploited vulnerabilities to the catalog. CISA Adds Two Known Exploited Vulnerabilities to Catalog #CISA (Oct 24) - CVE-2024-20481 Cisco ASA and FTD Denial-of-Service Vulnerability - CVE-2024-37383 RoundCube Webmail Cross-Site Scripting (XSS) Vulnerability
  • Latest Known Exploited Vulnerabilities (#KEV) : #CVE-2024-37383 RoundCube #Webmail Cross-Site Scripting (XSS) Vulnerability https://t.co/RaMvNnNJY1
  • 1/7 🚨 Government organizations using Roundcube Webmail, beware! 🚨 An XSS vulnerability (CVE-2024-37383) is being exploited to steal credentials. 🎣 Update to the latest version now! 🔄 #cybersecurity #infosec #Roundcube #webmail #phishing #XSS #CVE202437383 #government
  • 🚨 Roundcube Vulnerability (CVE-2024-37383) exploited in phishing attacks targeting gov agencies! Protect against credential theft now. 🔍 Full details: https://t.co/EW5I3WyLUv #cybersecurity #phishing #RoundcubeVulnerability #CVE202437383 #infosec #govtech https://t.co/CC1V1GrP1a
  • #Dontmiss #Hotstuff #News #CVE #exploit Roundcube XSS flaw exploited to steal credentials, email (CVE-2024-37383) https://t.co/2S5hsmACL8
  • #Roundcube XSS flaw exploited to steal credentials, email (#CVE-2024-37383) https://t.co/qWV4hLKSur https://t.co/HslWKC6bQi

Affected Software

Configuration 1
Type | Vendor | Product
App | Roundcube | webmail
Configuration 2
Type | Vendor | Product
OS | Debian | debian_linux

References

Each link below is listed by several reference sources (the sources' e-mail addresses were obscured on the page; one source is identified as AF854A3A-2127-422B-91AE-364DA2661108):

  • https://github.com/roundcube/roundcubemail/commit/43aaaa528646877789ec028d87924ba1accf5242
  • https://github.com/roundcube/roundcubemail/releases/tag/1.5.7
  • https://github.com/roundcube/roundcubemail/releases/tag/1.6.7
  • https://lists.debian.org/debian-lts-announce/2024/06/msg00008.html

CWE Details

CWE ID | CWE Name | Description
CWE-79 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') | The software does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
