Two XSS vectors targeting IE and Firefox Users #4033

rcubetrac opened this Issue Dec 3, 2012 · 3 comments


Reported by enriquerando on 3 Dec 2012 13:31 UTC as Trac ticket #1488850

Script code can be executed in the context of the current RoundCube session using "data" URLs in Firefox and "vbscript" URLs in Internet Explorer. (see the attached file for details)

Keywords: XSS, data:, vbscript
Migrated-From: http://trac.roundcube.net/ticket/1488850

Milestone changed by @alecpl on 3 Dec 2012 14:11 UTC

later => 0.9-beta

Comment by @alecpl on 4 Dec 2012 08:21 UTC

Fixed in 74cd0a9

Status changed by @alecpl on 4 Dec 2012 08:21 UTC

new => closed

@rcubetrac rcubetrac closed this Dec 4, 2012

@rcubetrac rcubetrac added this to the 0.9-beta milestone Mar 20, 2016
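
One way to guard against the two URL schemes named in the report is to allowlist link schemes after normalizing the attribute value the way a browser would. This is an added example, not part of the original ticket and not the change made in 74cd0a9; the function name, the allowlist and the sample inputs are assumptions.

```php
<?php
// Added example: not Roundcube's code and not the change made in 74cd0a9.
// is_safe_link_url() and ALLOWED_SCHEMES are hypothetical names.

const ALLOWED_SCHEMES = ['http', 'https', 'mailto'];

function is_safe_link_url(string $value): bool
{
    // Browsers decode character references in attribute values before
    // parsing the URL, so decode first (covers forms like &#118; and &colon;).
    $url = html_entity_decode($value, ENT_QUOTES | ENT_HTML5, 'UTF-8');

    // Drop control characters and whitespace, which browsers strip from
    // URLs, then fold case so "VbScRiPt:" and "vbscript:" compare equal.
    $url = strtolower((string) preg_replace('/[\x00-\x20]+/', '', $url));

    $colon = strpos($url, ':');
    if ($colon === false) {
        return true;                      // no scheme: relative reference
    }

    $prefix = substr($url, 0, $colon);
    if (strpbrk($prefix, '/?') !== false) {
        return true;                      // colon sits in the path or query
    }

    // Anything else is treated as a scheme and must be on the allowlist.
    // Undecoded leftovers such as "&#118bscript" fail here as well.
    return in_array($prefix, ALLOWED_SCHEMES, true);
}

// Constructed sample values with inert placeholders, mapped to the
// result the check is expected to give.
$samples = [
    'https://example.org/inbox'    => true,
    'folder/message?id=12:34'      => true,
    'mailto:user@example.org'      => true,
    'data:text/html,placeholder'   => false,
    'vbscript:placeholder'         => false,
    'VbScRiPt:placeholder'         => false,
    "vb\tscript:placeholder"       => false,
    '&#118;bscript:placeholder'    => false,
];

foreach ($samples as $url => $expected) {
    $got = is_safe_link_url($url);
    printf("%-32s %s%s\n", json_encode($url), $got ? 'allow' : 'block',
        $got === $expected ? '' : '  <-- unexpected');
}
```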
