XSS Issues #3875

rcubetrac · 2012-08-14T19:55:25Z

Reported by NightRanger on 14 Aug 2012 19:55 UTC as Trac ticket #1488613

Send an html formatted email to the victim with the following html code: <a href=javascript:alert("XSS")>Click Me.

You can do this also from the WYSIWYG editor by creating a new link and in the url insert: javascript:alert("XSS").

The insert link function doesn't validates URL properly.

once the user clicks on the url the XSS should be triggered.

In order to trigger this XSS you should insert the payload: "><img src='1.jpg'onerror=javascript:alert("XSS")> into your signature

Settings -> Identities -> Your Identitiy -> Signature
Now create a new mail, XSS Should be triggered.

rcubetrac · 2012-08-15T08:13:52Z

Comment by @alecpl on 15 Aug 2012 08:13 UTC

rcubetrac · 2012-08-15T08:13:52Z

Milestone changed by @alecpl on 15 Aug 2012 08:13 UTC

later => 0.8.1

rcubetrac · 2012-08-15T09:24:01Z

Comment by @alecpl on 15 Aug 2012 09:24 UTC

fixed in c086978. For the record, 1st was a regression in 0.8. 2nd has a less severity, so I don't think we need backport to 0.7.

rcubetrac · 2012-08-15T09:24:01Z

Status changed by @alecpl on 15 Aug 2012 09:24 UTC

new => closed

rcubetrac closed this Aug 15, 2012

rcubetrac added bug C: Security P1 labels Mar 20, 2016

rcubetrac added this to the 0.8.1 milestone Mar 20, 2016

roundcube / roundcubemail