XSS within _mbox parameter #3469

Closed
rcubetrac opened this Issue Aug 9, 2011 · 6 comments

Comments

Projects
None yet
1 participant

Reported by abyszko on 9 Aug 2011 10:37 UTC as Trac ticket #1488030

During one of pen-tests I found that _mbox parameter is not properly sanitized and reflected XSS attack is possible - example

http://server/roundcube/?_mbox=%3Cscript%3Ealert(document.cookie)%3C/script%3E

I verified this on 0.5.2 and latest version from trunk.

Migrated-From: http://trac.roundcube.net/ticket/1488030

Comment by @alecpl on 9 Aug 2011 13:48 UTC

I'm unable to reproduce.

Milestone changed by @alecpl on 9 Aug 2011 13:48 UTC

later => 0.6-beta

Comment by abyszko on 9 Aug 2011 14:03 UTC

Are you authenticated?

Comment by phs on 9 Aug 2011 17:37 UTC

Could reproduce it (see attachment "screenshot.png").

Comment by @alecpl on 9 Aug 2011 18:41 UTC

I think 8dd172a fixes the issue.

Status changed by @alecpl on 9 Aug 2011 18:41 UTC

new => closed

rcubetrac closed this Aug 9, 2011

rcubetrac added this to the 0.6-beta milestone Mar 20, 2016

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment