Full title: Roundcube Webmail Stored XSS Exploit Category: web applications Platform: multiple Description: The CVE-2024-37383 vulnerability was discovered in the Roundcube Webmail email client. This is a stored XSS vulnerability that allows an attacker to execute JavaScript code on the user's page. To exploit the vulnerability, all attackers need to do is open a malicious email using a Roundcube client version earlier than 1.5.6 or from 1.6 to 1.6.6. # 0day.today @ http://0day.today/