LIVE NEWSROOM · --:-- · May 25, 2026
A LIBRARY FOR SECURITY RESEARCHERS

CVE DATABASE  /  CVE-2024-37383

CVE-2024-37383

RoundCube Webmail Cross-Site Scripting (XSS) Vulnerability

⚠ CISA KEV — ACTIVELY EXPLOITED
On the CISA KEV catalog

Confirmed exploited in the wild. Added 2024-10-24. Federal remediation due 2024-11-14.
Required action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Summary

RoundCube Webmail contains a cross-site scripting (XSS) vulnerability in the handling of SVG animate attributes that allows a remote attacker to run malicious JavaScript code.

Check this CVE live

Use our free CVE Lookup tool for the latest NVD record, or browse the full CISA KEV catalog.

Data: NIST NVD + CISA KEV. Always verify against the vendor advisory before acting.

Scroll to Top