CERT-FR Advisory: Vulnerability in Roundcube Webmail

The Computer Emergency Response Team for France (CERT-FR) has issued an advisory regarding the discovery of a vulnerability in Roundcube Webmail. Users are urged to take immediate action to address this security concern.

Summary of Vulnerability: A vulnerability has been identified in Roundcube Webmail, allowing an attacker to execute remote code injection through an indirect method known as Cross-Site Scripting (XSS). This could potentially compromise the security and integrity of user data.

Affected Systems: The following Roundcube Webmail versions are affected:

  • Versions 1.4.x earlier than 1.4.14
  • Versions 1.5.x earlier than 1.5.4
  • Versions 1.6.x earlier than 1.6.3

Recommended Actions: It is strongly advised to apply the security patches provided by Roundcube to address this vulnerability. Users should update their Roundcube Webmail installations to version 1.4.14, 1.5.4, or 1.6.3, depending on their current version. These updates include fixes to prevent the exploitation of the XSS vulnerability.


  • Roundcube Security Update 1.4.14, September 18, 2023 (No direct link provided)
  • Roundcube Security Update 1.5.4, September 18, 2023 (No direct link provided)
  • Roundcube Security Update 1.6.3, September 15, 2023 (No direct link provided)

Users are strongly encouraged to follow the instructions provided in the security bulletins to ensure the prompt and effective application of the necessary security updates.