Per: NVD - CVE-2023-43770 (nist.gov) Snippet: According to a description of the bug on NIST's National Vulnerability Database (NVD), the vulnerability impacts Roundcube versions before 1.4.14, 1.5.x before 1.5.4, and 1.6.x before 1.6.3 Most/all should be fine if you keep your host updated, most will probably have the 1.4.15 which is not listed below. ============================================== Alert: CISA Warns of Active 'Roundcube' Email Attacks Vulnerability: Cross-site scripting (XSS) flaw in Roundcube email software (CVE-2023-43770, CVSS score: 6.1). Affected Versions: Roundcube versions before 1.4.14, 1.5.x before 1.5.4, and 1.6.x before 1.6.3. Impact: Leads to information disclosure via malicious link references in plain/text messages. Resolution: Patched in Roundcube version 1.6.3, released on September 15, 2023.