The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added a Roundcube Webmail Persistent Cross-Site Scripting (XSS) vulnerability, tracked as CVE-2023-43770, to its Known Exploited Vulnerabilities (KEV) catalog.

Roundcube is an open-source web-based email client. It provides a user-friendly interface for accessing email accounts via a web browser. Users can send and receive emails, manage their contacts, organize messages into folders, and perform various other email-related tasks. Roundcube supports standard email protocols such as IMAP and SMTP, making it compatible with a wide range of email servers.