SMTP Roundcube Webmail SVG animate Stored Cross-Site Scripting -1 (CVE-2024-37383)

Rule ID

1235548

Severity

Medium

Description

A stored cross-site scripting vulnerability has been reported in Roundcube Webmail. The vulnerability is due to insufficient validation and sanitization of the animate tag within the SVG tag. A remote unauthenticated attacker can exploit this vulnerability by sending a crafted email message to a target user. When the user accesses the Roundcube server to view the crafted email, the XSS condition is triggered either immediately on viewing or after the user clicks the malicious element, depending on the payload. Successful exploitation could result in the execution of script code in the security context of the target user's browser.

Impact

Cross-site scripting

Recommendation

Apply the vendor's patch.

IPS Category

Exploits

IPS Anomaly Group

N/A

IPS Rule Default Action

Deny

References

Keywords

N/A

Date Created

2024/08/27

Last Updated

2024/12/26
