
Top open source email platform hacked to steal user details


Hackers are abusing a vulnerability in Roundcube Webmail to steal emails and other sensitive data, new reports have claimed.

Cybersecurity experts from Positive Technologies sounded the alarm, saying the popular email client carries a flaw that is being actively exploited against government organizations in the Commonwealth of Independent States (CIS) region (former Soviet Union).

Roundcube Webmail is a popular browser-based email client with a user-friendly interface that mimics the look and feel of a desktop application. It supports standard email protocols like IMAP and SMTP, and offers features such as message search, contact management, and plugin customization.

Hiding with HTML

The bug is tracked as CVE-2024-37383 and is described as a medium-severity stored cross-site scripting (XSS) flaw that allows malicious JavaScript to execute on the Roundcube page.

To trigger the vulnerability, the crooks would draft and send a unique email. The email’s body appears empty, and only comes with ...


Copyright of this story solely belongs to techradar.com.