
Summary
This detection rule identifies potential exploitation of CVE-2023-5631, a critical cross-site scripting (XSS) vulnerability in Roundcube Webmail. The vulnerability is triggered when an attacker sends a crafted HTML email containing a specially designed SVG (Scalable Vector Graphics) image; when the recipient opens the message, the crafted SVG executes attacker-supplied script in the recipient's browser session, making this a stored XSS attack. The rule detects this activity by analyzing the raw HTML of incoming messages for patterns indicative of SVG exploitation attempts. It also checks that attachments are present and that the email is unsolicited, which filters out legitimate communications while keeping the focus on likely threats. Effectively, the rule combines content analysis and sender analysis to identify emails crafted to exploit this Roundcube Webmail vulnerability, which poses significant risks to users' security and data privacy.
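The following is an added illustration, not the published rule's logic or the detection vendor's code, of how the three signals described above (script-bearing inline SVG in the raw HTML, an attachment being present, and an unsolicited sender) can be combined over parsed messages. The regexes, the indicator names, the "known senders" model of an unsolicited message, and the sample messages are all constructed assumptions for this example.

```python
"""Heuristic triage of inbound mail for inline-SVG XSS attempts (added example).

Assumptions, not the published rule: the SVG indicator regexes below, the
modelling of 'unsolicited' as 'sender address with no prior relationship',
and the constructed sample messages in run_samples().
"""
import re
from email import policy
from email.message import EmailMessage
from email.parser import BytesParser
from email.utils import parseaddr

# Every inline <svg> element in the raw HTML, self-closing or with a body.
SVG_BLOCK = re.compile(
    r"<svg\b[^>]*/>|<svg\b[^>]*>.*?</svg\s*>", re.IGNORECASE | re.DOTALL
)

# Constructs a purely decorative SVG has no reason to carry (assumed indicators).
SCRIPT_INDICATORS = {
    "script-element": re.compile(r"<script\b", re.IGNORECASE),
    "event-handler": re.compile(r"\son[a-z]+\s*=", re.IGNORECASE),
    "foreignobject": re.compile(r"<foreignObject\b", re.IGNORECASE),
    "javascript-uri": re.compile(r"javascript\s*:", re.IGNORECASE),
    "data-uri-href": re.compile(r"href\s*=\s*[\"']?\s*data:", re.IGNORECASE),
}


def extract_html(msg: EmailMessage) -> str:
    """Concatenate the decoded text/html body parts (attachments excluded)."""
    parts = [
        part.get_content()
        for part in msg.walk()
        if part.get_content_type() == "text/html" and not part.is_attachment()
    ]
    return "\n".join(parts)


def has_attachments(msg: EmailMessage) -> bool:
    """True if any MIME part is marked Content-Disposition: attachment."""
    return any(part.is_attachment() for part in msg.walk())


def is_unsolicited(msg: EmailMessage, known_senders: set) -> bool:
    """Assumption: unsolicited means the From address has no prior relationship."""
    addr = parseaddr(msg.get("From", ""))[1].lower()
    return addr not in known_senders


def suspicious_svg_findings(html: str) -> list:
    """Indicator names that fire inside any inline <svg> element, deduplicated."""
    findings = set()
    for svg in SVG_BLOCK.finditer(html):
        for name, pattern in SCRIPT_INDICATORS.items():
            if pattern.search(svg.group(0)):
                findings.add(name)
    return sorted(findings)


def evaluate(raw: bytes, known_senders: set) -> dict:
    """Combine content analysis and sender analysis into one verdict."""
    msg = BytesParser(policy=policy.default).parsebytes(raw)
    result = {
        "svg_findings": suspicious_svg_findings(extract_html(msg)),
        "has_attachment": has_attachments(msg),
        "unsolicited": is_unsolicited(msg, known_senders),
    }
    result["matched"] = (
        bool(result["svg_findings"]) and result["has_attachment"] and result["unsolicited"]
    )
    return result


def build_sample(sender: str, html: str, attach: bool) -> bytes:
    """Construct a multipart test message (sample data, not a captured email)."""
    msg = EmailMessage()
    msg["From"] = sender
    msg["To"] = "user@example.test"
    msg["Subject"] = "constructed sample"
    msg.set_content("plain text fallback")
    msg.add_alternative(html, subtype="html")
    if attach:
        msg.add_attachment(b"constructed bytes", maintype="application",
                           subtype="octet-stream", filename="report.bin")
    return msg.as_bytes()


# Constructed HTML bodies: a harmless logo versus an SVG carrying script hooks.
BENIGN_HTML = ('<html><body><p>Monthly newsletter</p>'
               '<svg xmlns="http://www.w3.org/2000/svg" width="40" height="40">'
               '<circle cx="20" cy="20" r="18" fill="#336"/></svg></body></html>')
SUSPICIOUS_HTML = ('<html><body><p>Please review.</p>'
                   '<svg xmlns="http://www.w3.org/2000/svg" onload="run()">'
                   '<foreignObject width="1" height="1"><div>x</div></foreignObject>'
                   '</svg></body></html>')


def run_samples() -> dict:
    """Evaluate three constructed scenarios against a constructed contact list."""
    known = {"partner@example.test"}
    return {
        "benign_known": evaluate(build_sample("partner@example.test", BENIGN_HTML, True), known),
        "svg_unknown_sender": evaluate(build_sample("new@example.invalid", SUSPICIOUS_HTML, True), known),
        "svg_known_sender": evaluate(build_sample("partner@example.test", SUSPICIOUS_HTML, True), known),
    }


if __name__ == "__main__":
    for name, verdict in run_samples().items():
        print(name, verdict)
```

Only the unknown-sender message with a script-bearing SVG and an attachment produces `matched: True`; the same SVG from a known correspondent fails the sender check, which is the filtering effect the rule summary attributes to the unsolicited condition.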
Categories
- Web
- Cloud
- Application
Data Sources
- Web Credential
- Application Log
- Network Traffic
Created: 2024-01-30