Cross-site Scripting (XSS) issue in the Kolab Webclient?

Lately we got a lot of questions at Support about a possible vulnerability in Roundcube, the Kolab Now webclient. The listing in question is  CVE-2023-47272 which upstream in the Roundcube development has been handled and patched.

To see the version of Roundcube running as the Kolab now webclient, login and press the ‘About’ button in the left side of the screen. This will reveal that Kolab Now is running:

Roundcube Webmail 1.5.6.3-30.1

This tells, that the fix was already installed, and that the Kolab Now webclient is not impacted by the vulnerability.

We are thankful for having an observant and active user base.