XSS within _mbox parameter #3469
Comments
rcubetrac
commented
Aug 9, 2011
|
Comment by @alecpl on 9 Aug 2011 13:48 UTC I'm unable to reproduce. |
rcubetrac
commented
Aug 9, 2011
|
Milestone changed by @alecpl on 9 Aug 2011 13:48 UTC later => 0.6-beta |
rcubetrac
commented
Aug 9, 2011
|
Comment by abyszko on 9 Aug 2011 14:03 UTC Are you authenticated? |
rcubetrac
commented
Aug 9, 2011
|
Comment by phs on 9 Aug 2011 17:37 UTC Could reproduce it (see attachment "screenshot.png"). |
rcubetrac
commented
Aug 9, 2011
rcubetrac
commented
Aug 9, 2011
|
Status changed by @alecpl on 9 Aug 2011 18:41 UTC new => closed |
rcubetrac
closed this
Aug 9, 2011
rcubetrac
added bug C: Security P2
labels
Mar 20, 2016
rcubetrac
added this to the
0.6-beta
milestone
Mar 20, 2016
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
rcubetrac commentedAug 9, 2011
Reported by abyszko on 9 Aug 2011 10:37 UTC as Trac ticket #1488030
During one of pen-tests I found that _mbox parameter is not properly sanitized and reflected XSS attack is possible - example
http://server/roundcube/?_mbox=%3Cscript%3Ealert(document.cookie)%3C/script%3E
I verified this on 0.5.2 and latest version from trunk.
Migrated-From: http://trac.roundcube.net/ticket/1488030