This alert may not be shared outside your organization, Do Not Repost or send, place on other websites, List servers, or send to others via email, including other associations or parties. Members and Law enforcement use only. Contact us for any permissions. To do otherwise will result in the loss of membership.
Complete Story
07/23/2020
Roundcube XSS vulnerability opens the door to email account takeover
The Daily Swig
Roundcube is urging users to update their installations to resolve a security vulnerability that can be exploited to conduct stored, or persistent, cross-site scripting (XSS) attacks.
On July 21, an advisory was published concerning CVE-2020-15562, a vulnerability present in the Roundcube stable version 1.4 and LTS versions 1.3 and 1.2.
Written in PHP, Roundcube is an open source webmail project which offers a browser-based skinnable IMAP client in multiple languages. Features include MIME support, an address book, folders, and message search functionality.
Roundcube currently uses the jQuery 3.x client.
Alerts
The FRPA alert system distinguishes us from other groups by gathering and providing information to law enforcement, retailers AND financial institutions.
more information
Resources
Your electronic library to help in fighting financial fraud for all of our partners.
more information