We read every piece of feedback, and take your input very seriously.
To see all available qualifiers, see our documentation.
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Reported by NightRanger on 14 Aug 2012 19:55 UTC as Trac ticket #1488613
Send an html formatted email to the victim with the following html code: <a href=javascript:alert("XSS")>Click Me.
You can do this also from the WYSIWYG editor by creating a new link and in the url insert: javascript:alert("XSS").
The insert link function doesn't validates URL properly.
once the user clicks on the url the XSS should be triggered.
In order to trigger this XSS you should insert the payload: "><img src='1.jpg'onerror=javascript:alert("XSS")> into your signature
Settings -> Identities -> Your Identitiy -> Signature Now create a new mail, XSS Should be triggered.
Keywords: XSS Migrated-From: http://trac.roundcube.net/ticket/1488613
The text was updated successfully, but these errors were encountered:
Comment by @alecpl on 15 Aug 2012 08:13 UTC
Sorry, something went wrong.
Milestone changed by @alecpl on 15 Aug 2012 08:13 UTC
later => 0.8.1
Comment by @alecpl on 15 Aug 2012 09:24 UTC
Status changed by @alecpl on 15 Aug 2012 09:24 UTC
new => closed
No branches or pull requests
Reported by NightRanger on 14 Aug 2012 19:55 UTC as Trac ticket #1488613
Send an html formatted email to the victim with the following html code: <a href=javascript:alert("XSS")>Click Me.
You can do this also from the WYSIWYG editor by creating a new link and in the url insert: javascript:alert("XSS").
The insert link function doesn't validates URL properly.
once the user clicks on the url the XSS should be triggered.
In order to trigger this XSS you should insert the payload: "><img src='1.jpg'onerror=javascript:alert("XSS")> into your signature
Settings -> Identities -> Your Identitiy -> Signature
Now create a new mail, XSS Should be triggered.
Keywords: XSS
Migrated-From: http://trac.roundcube.net/ticket/1488613
The text was updated successfully, but these errors were encountered: