CISA Alert: CVE-2024-37383 - Webmail - Unknown Vendor Vulnerability - Githubissues

ums91 / CISA_BOT

CISA Bot is a GitHub bot that automatically monitors the Cybersecurity and Infrastructure Security Agency (CISA) Known Exploited Vulnerabilities (KEV) Catalog. When new vulnerabilities are published in the KEV, the bot creates GitHub issues in this repository with detailed information about each vulnerability.

2 stars 0 forks source link

CISA Alert: CVE-2024-37383 - Webmail - Unknown Vendor Vulnerability #41

Closed ums91 closed 1 week ago

ums91 commented 1 week ago

Vulnerability Details

Name: CVE-2024-37383
CVE ID: CVE-2024-37383
Vendor: Unknown Vendor
Product: Webmail
Description: Roundcube Webmail before 1.5.7 and 1.6.x before 1.6.7 allows XSS via SVG animate attributes.
Date Added: N/A
Due Date: RoundCube Webmail Cross-Site Scripting (XSS) Vulnerability
Required Action: RoundCube Webmail Cross-Site Scripting (XSS) Vulnerability
CWE ID: N/A
CWE Name: N/A
Base Score: N/A
Severity: Unknown

CISA Vulnerability Information

Date Added to CISA: 2024-10-24
Notes: https://github.com/roundcube/roundcubemail/releases/tag/1.5.7, https://github.com/roundcube/roundcubemail/releases/tag/1.6.7 ; https://nvd.nist.gov/vuln/detail/CVE-2024-37383
Related Products:

Recommended Action

Please review the vulnerability and apply the recommended patches or mitigations.

Source: CISA KEV Catalog

ums91 commented 1 week ago

Reviewed the Vulnerability and applied the recommended patches/mitigations/remediation.