In the dynamic realm of cybersecurity, vulnerabilities emerge and evolve constantly. The recent discovery of CVE-2023-43770 highlights an alarming Cross-Site Scripting (XSS) flaw in popular webmail software, Roundcube.

This article delves deep into the vulnerability, offering a hands-on Proof-of-Concept to understand its intricacies and implications. Join us as we unveil the layers behind this significant security loophole.

A Proof-Of-Concept for the recently found CVE-2023-43770 vulnerability.


Roundcube before 1.4.14, 1.5.x before 1.5.4, and 1.6.x before 1.6.3 allows XSS via text/plain e-mail messages with crafted links because of program/lib/Roundcube/rcube_string_replacer.php behavior.


python -e -p Attack3rPwd -t