XSS via _mbox-parameter in Roundcube v.1.1.1 #4837
Reported by sroesemann on 30 May 2015 11:30 UTC as Trac ticket #1490417
The XSS vulnerability can be triggered by appending malicious script code to the _mbox parameter. The following example will pop an alert box:
Attackers could use this vulnerability to steal cookies or extract email content.
Browsers used: Mozilla Firefox v. 38.0.1, Apple Safari 8.0.6 on Mac OS X 10.10.
Keywords: XSS, Vulnerability