Winter Vivern Exploits Zero-Day Vulnerability in Roundcube Webmail Servers
The vulnerability, assigned CVE-2023-5631, allowed attackers to execute arbitrary JavaScript code in the context of a Roundcube user’s browser window through a specially crafted email.