CVE-2024-42009 · CISA KEV: Actively Exploited

RoundCube Webmail Cross-Site Scripting Vulnerability

Published Jun 9, 2025 · Updated Jun 9, 2025

Description

RoundCube Webmail contains a cross-site scripting vulnerability. This vulnerability could allow a remote attacker to steal and send emails of a victim via a crafted e-mail message that abuses a desanitization issue in message_body() in program/actions/mail/show.php.

Public Exploits & PoCs: 3 found
