ET EXPLOIT RoundCube Webmail Persistent XSS Attempt (CVE-2023-43770)
Source: et/open
Created: March 28, 2024
Updated: January 14, 2026
Classification: attempted-user
alert smtp any any -> [$SMTP_SERVERS,$HOME_NET] any (msg:"ET EXPLOIT RoundCube Webmail Persistent XSS Attempt (CVE-2023-43770)"; flow:established,to_server; content:"Content-Type: text/plain|3b|"; content:"|0a 0a 5b 3c|"; fast_pattern; pcre:"/^[^\x3e\x0d\x0a]*?(?:[\x20\x27\x22\x2f]on[a-z]+\x3d|(?:\x3cs(?:cript[\x3a\x3e\x20\x2b\x2f]|tyle\x3d)|\x3ciframe[\x20\x2f]))/R"; reference:cve,2023-43770; classtype:attempted-user; sid:2051827; rev:2; metadata:attack_target Networking_Equipment, created_at 2024_03_28, cve CVE_2023_43770, deployment Perimeter, deployment Internal, confidence Medium, signature_severity Major, tag CISA_KEV, updated_at 2026_01_14;)
References
| cve | 2023-43770 |
Metadata
attack target: Networking_Equipment
created at: 2024_03_28
deployment: Internal
confidence: Medium
signature severity: Major
tag: CISA_KEV
updated at: 2026_01_14