NVD disclosure day

Published threat advisories for October 18, 2023

CVE advisoryKnown Exploit

CVE-2023-5631

Roundcube Webmail Stored Cross-Site Scripting Vulnerability.

Halo Surface Signal: 5 out of 5 — more likely to be public-facing.

A vulnerability in Roundcube webmail allows remote attackers to execute arbitrary JavaScript via crafted HTML emails. This could impact organizations by enabling unauthorized script execution, potentially leading to data exposure. Affected organizations should identify and mitigate this risk.

NVD published: • CISA KEV
CVE advisoryKnown Exploit

CVE-2023-45727

Proself: Unauthenticated File Reading Vulnerability

Halo Surface Signal: 4 out of 5 — likely to be public-facing.

A vulnerability in Proself software allows unauthenticated remote attackers to read arbitrary files containing account information. This could lead to unauthorized disclosure of sensitive data, creating a business risk. Organizations using affected versions should address this issue.

NVD published: • CISA KEV