Unrated severityCISA KEVNVD Advisory· Published Sep 22, 2023· Updated Oct 21, 2025
CVE-2023-43770
CVE-2023-43770
Description
Roundcube before 1.4.14, 1.5.x before 1.5.4, and 1.6.x before 1.6.3 allows XSS via text/plain e-mail messages with crafted links because of program/lib/Roundcube/rcube_string_replacer.php behavior.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
3(expand)+ 1 more
- (no CPE)
- (no CPE)range: <1.4.14, >=1.5.0 <1.5.4, >=1.6.0 <1.6.3
Patches
Vulnerability mechanics
References
3News mentions
0No linked articles in our index yet.