SummaryStored XSS vulnerabilities affect Roundcube versions 1.6.3 and older (CVE-2023-5631, CVE-2023-43770). Roundcube is a webmail service offered within cPanel & WHM. Security RatingThe National Vulnerability Database (NIST) has given the following severity ratings to these CVEs: CVE-2023-43770 – MEDIUMCVE-2023-5631 – MEDIUM DescriptionRoundcube before 1.4.15, 1.5.x before 1.5.5, and 1.6.x before …
The post Roundcube Stored XSS (CVE-2023-5631, CVE-2023-43770) first appeared on cPanel Newsroom.