XSS Issues #3875
Closed
Reported by NightRanger on 14 Aug 2012 19:55 UTC as Trac ticket #1488613
Send an HTML-formatted email to the victim with the following HTML code: <a href=javascript:alert("XSS")>Click Me.
You can also do this from the WYSIWYG editor by creating a new link and inserting in the URL: javascript:alert("XSS").
The insert link function doesn't validate the URL properly.
Once the user clicks on the URL, the XSS should be triggered.
In order to trigger this XSS you should insert the payload: "><img src='1.jpg'onerror=javascript:alert("XSS")> into your signature
Settings -> Identities -> Your Identity -> Signature
Now create a new mail, and the XSS should be triggered.
Keywords: XSS
Migrated-From: http://trac.roundcube.net/ticket/1488613
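
The two problems in this report, a link URL accepted without scheme validation and a signature placed into HTML without escaping, call for the checks sketched below. This is an added example, not Roundcube code and not the fix that closed the ticket; all function names are hypothetical, and it assumes the signature is plain text and that link values arrive already entity-decoded.

```javascript
// Added example: scheme allowlist for link URLs plus HTML escaping.
// Hypothetical helper names; not taken from Roundcube.
const ALLOWED_SCHEMES = new Set(['http', 'https', 'mailto']);

// Browsers strip leading/trailing C0 controls and spaces and remove
// tab/CR/LF anywhere in a URL before parsing it, so do the same first.
function normalizeUrl(raw) {
  return String(raw)
    .replace(/^[\u0000-\u0020]+|[\u0000-\u0020]+$/g, '')
    .replace(/[\t\r\n]/g, '');
}

// Returns the normalized URL when its scheme is allowlisted, else null.
// Scheme-less (relative) values are rejected: they have no meaning in mail.
function safeLinkUrl(raw) {
  const url = normalizeUrl(raw);
  const m = /^([a-zA-Z][a-zA-Z0-9+.-]*):/.exec(url);
  if (!m) return null;
  return ALLOWED_SCHEMES.has(m[1].toLowerCase()) ? url : null;
}

// Escape text for use in HTML element content or a quoted attribute.
function escapeHtml(text) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(text).replace(/[&<>"']/g, (c) => map[c]);
}

// Build an anchor; an unsafe URL degrades to the escaped label only.
function renderLink(href, label) {
  const url = safeLinkUrl(href);
  const text = escapeHtml(label);
  if (url === null) return text;
  return `<a href="${escapeHtml(url)}" rel="noopener noreferrer">${text}</a>`;
}

// Assumption: the signature is plain text being inserted into HTML.
function renderSignature(signature) {
  return `<div class="signature">${escapeHtml(signature)}</div>`;
}

// Inputs quoted from the report above, used as test data.
const REPORTED_LINK = 'javascript:alert("XSS")';
const REPORTED_SIGNATURE = `"><img src='1.jpg'onerror=javascript:alert("XSS")>`;

console.log(renderLink(REPORTED_LINK, 'Click Me.'));
console.log(renderSignature(REPORTED_SIGNATURE));
```

The allowlist runs on the normalized value because a denylist match on the literal string `javascript:` misses mixed case and embedded tabs or newlines.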