Home / exploits Roundcube Webmail 0.9.2 Cross Site Scripting
Posted on 18 July 2013
* Roundcube Webmail 0.9.2 XSS Vulnerability * ======================================================== * * Site: http://www.roundcube.net * Discovered by: Andrea Menin (base64 @: bWVuaW4uYW5kcmVhQGdtYWlsLmNvbQ==) * Follow me: http://www.linkedin.com/in/andreamenin * * ======================================================== Report-Timeline: ---------------- 2013-07-18: Reported on Roundcube Track system (#1489251) Introduction: ------------- Roundcube webmail is a browser-based multilingual IMAP client with an application-like user interface. It provides full functionality you expect from an e-mail client, including MIME support, address book, folder manipulation, message searching and spell checking. Description: ------------ i've found a XSS Vulnerability inside the "identity" configuration page. Into the "Sign" textarea, enabling HTML Sign, i've click on "HTML" button on the editor and i've write this HTML code: test<b onmouseover="alert(document.cookie)">asd</b> once you save it, when you move your mouse on the word "asd", the JavaScript "alert(document.cookie)" will be executed by the client. Every time you visit the "identity configuration page" the XSS is active. when you save the new "html sign" and write a new html mail, the XSS is still present and when you move your mouse over the sign, the JavaScript XSS code will be executed by the client (see the attachments). Screenshot XSS Vulnerability: ----------------------------- http://goo.gl/akomO http://goo.gl/jpp83 CREDITS: --------- This vulnerabilities has been discovered by Andrea Menin (base64 @: bWVuaW4uYW5kcmVhQGdtYWlsLmNvbQ==) LEGAL NOTICES: --------------- The Author accepts no responsibility for any damage caused by the use or misuse of this information.
