CVE-2024-37383: RoundCube Webmail Cross-Site Scripting (XSS) Vulnerability.

RoundCube Webmail Cross-Site Scripting (XSS) Vulnerability. RoundCube Webmail contains a cross-site scripting (XSS) vulnerability in the handling of SVG animate attributes that allows a remote attacker to run malicious JavaScript code.

• CISA KEV-listed (remediation due 2024-11-14)
• EPSS 64.0% (98.5% percentile)

Browse the CVE database

Read the full analysis on IntelFusions