Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Map Area- Persistent XSS Vulnerability in mail content page,please confirm. #5240

Closed
fantasy7082 opened this issue May 5, 2016 · 4 comments

Comments

@fantasy7082
Copy link

Steps to reproduce:
-Compose email content via HTML mode.You can use email sending tool or other webmail to send it.The HTML content is below:
<img src=# usemap=#foo width=100%><map name="foo"><area href=javascript:alert(document.domain) shape=default>
-Send the mail to roundcube mail system
-Log in to roundcube mail system and open the mail received
-Click the area near the image in the content.The xss will be triggered

The vulnerability can be triggered in Chrome,Firefox,Safari.
The testing roundcube webmail version is 1.1.5.Link is below:
https://github.com/roundcube/roundcubemail/releases/download/1.1.5/roundcubemail-1.1.5-complete.tar.gz
The test screenshot link:http://pan.baidu.com/s/1nvQt9Eh

alecpl added a commit that referenced this issue May 6, 2016
alecpl added a commit that referenced this issue May 6, 2016
@alecpl alecpl added this to the 1.2.0 milestone May 6, 2016
@alecpl alecpl closed this as completed May 6, 2016
yodax referenced this issue in mail-in-a-box/mailinabox Jun 10, 2016
@fgeek
Copy link

fgeek commented Jun 11, 2017

No CVE assigned?

@thomascube
Copy link
Member

That's likely CVE-2016-4552

@thomascube
Copy link
Member

... and also CVE-2016-5103

@fgeek
Copy link

fgeek commented Jun 22, 2017

@thomascube Thank you and have a nice weekend.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

No branches or pull requests

4 participants