Map Area - Persistent XSS Vulnerability in mail content page, please confirm. #5240

Closed
fantasy7082 opened this Issue May 5, 2016 · 4 comments

fantasy7082 commented May 5, 2016

Steps to reproduce:
- Compose email content via HTML mode. You can use an email sending tool or other webmail to send it. The HTML content is below:
<img src=# usemap=#foo width=100%><map name="foo"><area href=javascript:alert(document.domain) shape=default>
- Send the mail to the roundcube mail system
- Log in to the roundcube mail system and open the mail received
- Click the area near the image in the content. The XSS will be triggered

The vulnerability can be triggered in Chrome, Firefox and Safari.
The tested roundcube webmail version is 1.1.5. Link is below:
https://github.com/roundcube/roundcubemail/releases/download/1.1.5/roundcubemail-1.1.5-complete.tar.gz
The test screenshot link: http://pan.baidu.com/s/1nvQt9Eh
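The root cause reported above is a URL-bearing attribute on a tag (area) that the sanitizer did not treat like a link. As an added defensive example, not Roundcube's own washtml code, here is a minimal allow-list filter that checks the scheme of every URL attribute regardless of which tag carries it, after decoding entities and stripping the whitespace and control characters browsers ignore inside a scheme; the tag and attribute sets are assumptions chosen for the demo.

```python
# Added example, not Roundcube's own washtml: allow-list URL filtering for mail HTML.
from html import escape
from html.parser import HTMLParser
import re

URL_ATTRS = {"href", "src", "action", "formaction", "background", "poster"}
SAFE_SCHEMES = {"http", "https", "mailto", "cid"}

def safe_url(value):
    # Strip control chars/whitespace first: browsers ignore them in "java\tscript:".
    cleaned = re.sub(r"[\x00-\x20\x7f]", "", value)
    match = re.match(r"([a-z][a-z0-9+.-]*):", cleaned, re.I)
    return match is None or match.group(1).lower() in SAFE_SCHEMES  # relative URLs pass

class MailHtmlWasher(HTMLParser):
    DROP_TAGS = {"script", "style", "iframe", "object"}  # skipped with their content

    def __init__(self):
        super().__init__(convert_charrefs=True)  # attribute values are entity-decoded
        self.out, self.dropped, self._skip = [], [], 0

    def handle_starttag(self, tag, attrs):
        if tag in self.DROP_TAGS:
            self._skip += 1
        if self._skip:
            return
        kept = []
        for name, value in attrs:
            bad = name.startswith("on") or (name in URL_ATTRS and not safe_url(value or ""))
            if bad:
                self.dropped.append((tag, name, value))  # record for logging/detection
            else:
                kept.append(f' {name}="{escape(value or "", quote=True)}"')
        self.out.append(f"<{tag}{''.join(kept)}>")

    def handle_endtag(self, tag):
        if tag in self.DROP_TAGS:
            self._skip = max(0, self._skip - 1)
        elif not self._skip:
            self.out.append(f"</{tag}>")

    def handle_data(self, data):
        if not self._skip:
            self.out.append(escape(data))

def wash(html):
    washer = MailHtmlWasher()
    washer.feed(html)
    washer.close()
    return "".join(washer.out), washer.dropped  # (sanitized_html, dropped attributes)
```

Running `wash()` over the payload from the report keeps the image and map but emits `<area shape="default">` with the javascript: href removed and recorded in the dropped list.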

alecpl added a commit that referenced this issue May 6, 2016

@alecpl alecpl added this to the 1.2.0 milestone May 6, 2016

@alecpl alecpl closed this May 6, 2016

yodax referenced this issue in mail-in-a-box/mailinabox Jun 10, 2016

fgeek commented Jun 11, 2017

No CVE assigned?

thomascube commented Jun 12, 2017

That's likely CVE-2016-4552

thomascube commented Jun 12, 2017

... and also CVE-2016-5103

fgeek commented Jun 22, 2017

@thomascube Thank you and have a nice weekend.
