/roundcubemail

New issue

XSS Issues #3875

Closed
rcubetrac opened this Issue Aug 14, 2012 · 4 comments

Projects

None yet

Labels

bug C: Security

Milestone

  0.8.1

Assignees

No one assigned

1 participant

@rcubetrac
@rcubetrac
rcubetrac commented Aug 14, 2012

Reported by NightRanger on 14 Aug 2012 19:55 UTC as Trac ticket #1488613

  1. Description: Stored XSS in e-mail body.

Send an html formatted email to the victim with the following html code: Click Me.

You can do this also from the WYSIWYG editor by creating a new link and in the url insert: javascript:alert("XSS").

The insert link function doesn't validates URL properly.

once the user clicks on the url the XSS should be triggered.

  1. Self XSS in e-mail body (Signature).

In order to trigger this XSS you should insert the payload: "> into your signature

Settings -> Identities -> Your Identitiy -> Signature
Now create a new mail, XSS Should be triggered.

Keywords: XSS
Migrated-From: http://trac.roundcube.net/ticket/1488613

@rcubetrac
rcubetrac commented Aug 15, 2012

Comment by @alecpl on 15 Aug 2012 08:13 UTC

  1. fixed in 5ef8e4a.
@rcubetrac
rcubetrac commented Aug 15, 2012

Milestone changed by @alecpl on 15 Aug 2012 08:13 UTC

later => 0.8.1

@rcubetrac
rcubetrac commented Aug 15, 2012

Comment by @alecpl on 15 Aug 2012 09:24 UTC

  1. fixed in c086978. For the record, 1st was a regression in 0.8. 2nd has a less severity, so I don't think we need backport to 0.7.
@rcubetrac
rcubetrac commented Aug 15, 2012

Status changed by @alecpl on 15 Aug 2012 09:24 UTC

new => closed

@rcubetrac rcubetrac closed this Aug 15, 2012
@rcubetrac rcubetrac added this to the 0.8.1 milestone Mar 20, 2016
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment