CVE-2023-43770

MEDIUM KEV

Roundcube <1.4.14, <1.5.4, <1.6.3 - XSS

Title source: llm

Exploitation Summary

CVE-2023-43770 is actively exploited and listed in the CISA Known Exploited Vulnerabilities (KEV) catalog, added February 12, 2024. EIP tracks 3 public exploits from researchers including s3cb0y, knight0x07 and skyllpro.

AI-analyzed exploit summary: This repository contains a functional Python script that exploits CVE-2023-43770, an XSS vulnerability in Roundcube Webmail. The PoC sends a crafted email with a malicious script embedded in a text/plain message, leveraging improper handling in Roundcube's string replacer.

Description

Roundcube before 1.4.14, 1.5.x before 1.5.4, and 1.6.x before 1.6.3 allows XSS via text/plain e-mail messages with crafted links because of program/lib/Roundcube/rcube_string_replacer.php behavior.

Exploits (3)

nomisec WORKING POC 33 stars
by s3cb0y · client-side
https://github.com/s3cb0y/CVE-2023-43770-POC

This repository contains a functional Python script that exploits CVE-2023-43770, an XSS vulnerability in Roundcube Webmail. The PoC sends a crafted email with a malicious script embedded in a text/plain message, leveraging improper handling in Roundcube's string replacer.

Classification: Working PoC (95%)
Attack type: XSS
Complexity: Trivial
Reliability: Reliable
Target: Roundcube Webmail (before 1.4.14, 1.5.x before 1.5.4, 1.6.x before 1.6.3)
Auth required
Prerequisites: Valid SMTP credentials for sending the malicious email · Target using a vulnerable version of Roundcube
Analyzed by devstral-2 · Feb 19, 2026
nomisec WRITEUP 3 stars
by knight0x07 · poc
https://github.com/knight0x07/CVE-2023-43770-PoC

This repository provides a technical description and references for CVE-2023-43770, a stored XSS vulnerability in Roundcube. It includes details about the attack chain, affected versions, and references to patches and external resources.

Classification: Writeup (80%)
Attack type: XSS
Complexity: Moderate
Reliability: Reliable
Target: Roundcube before 1.4.14, 1.5.x before 1.5.4, and 1.6.x before 1.6.3
No auth needed
Prerequisites: Victim must open a crafted email
Analyzed by devstral-2 · Feb 19, 2026
nomisec WORKING POC
by skyllpro · client-side
https://github.com/skyllpro/CVE-2021-44026-PoC

This PoC demonstrates a chained exploit combining XSS and SQLi in Roundcube Webmail to exfiltrate session data. The Python script sends a malicious email with an XSS payload that triggers a SQL injection to extract session variables.

Classification: Working PoC (95%)
Attack type: XSS, SQLi, Info Leak
Complexity: Moderate
Reliability: Reliable
Target: Roundcube Webmail (version not specified)
Auth required
Prerequisites: Valid SMTP credentials for sending email · Target must open the malicious email in Roundcube Webmail · Attacker-controlled C2 server
Analyzed by devstral-2 · Feb 16, 2026

Scores

CVSS v3 6.1
EPSS 0.5689
EPSS Percentile 98.9%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

CISA SSVC

Vulnrichment
Exploitation active
Automatable no
Technical Impact partial

Details

CISA KEV 2024-02-12
VulnCheck KEV 2024-02-12
InTheWild.io 2024-02-12
ENISA EUVD EUVD-2023-48147
CWE
CWE-79
Status published
Products (2)
debian/debian_linux 10.0
roundcube/webmail < 1.4.14
Published Sep 22, 2023
KEV Added Feb 12, 2024
Tracked Since Feb 18, 2026