XSS Issues #3875

rcubetrac opened this Issue Aug 14, 2012 · 4 comments


None yet
1 participant

Reported by NightRanger on 14 Aug 2012 19:55 UTC as Trac ticket #1488613

  1. Description: Stored XSS in e-mail body.

Send an html formatted email to the victim with the following html code: <a href=javascript:alert("XSS")>Click Me.

You can do this also from the WYSIWYG editor by creating a new link and in the url insert: javascript:alert("XSS").

The insert link function doesn't validates URL properly.

once the user clicks on the url the XSS should be triggered.

  1. Self XSS in e-mail body (Signature).

In order to trigger this XSS you should insert the payload: "><img src='1.jpg'onerror=javascript:alert("XSS")> into your signature

Settings -> Identities -> Your Identitiy -> Signature
Now create a new mail, XSS Should be triggered.

Keywords: XSS
Migrated-From: http://trac.roundcube.net/ticket/1488613

Comment by @alecpl on 15 Aug 2012 08:13 UTC

  1. fixed in 5ef8e4a.

Milestone changed by @alecpl on 15 Aug 2012 08:13 UTC

later => 0.8.1

Comment by @alecpl on 15 Aug 2012 09:24 UTC

  1. fixed in c086978. For the record, 1st was a regression in 0.8. 2nd has a less severity, so I don't think we need backport to 0.7.

Status changed by @alecpl on 15 Aug 2012 09:24 UTC

new => closed

@rcubetrac rcubetrac closed this Aug 15, 2012

@rcubetrac rcubetrac added this to the 0.8.1 milestone Mar 20, 2016

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment