Critical active threat
CVE-2023-43770 Roundcube Webmail Persistent Cross-Site Scripting (XSS)
- Actively exploited (CISA KEV)
- Listed on CISA KEV
Roundcube Webmail XSS is on CISA KEV — confirmed in-the-wild exploitation. Expect continued targeting while the issue remains on the catalog.