9 lines
No EOL
600 B
Text
9 lines
No EOL
600 B
Text
source: https://www.securityfocus.com/bid/26800/info
|
|
|
|
Roundcube Webmail is prone to an input-validation vulnerability because it fails to sanitize HTML email messages.
|
|
|
|
Attackers can exploit this issue to execute arbitrary script code in the browser of an unsuspecting user. Successful attacks can allow attackers to steal cookie-based authentication credentials from legitimate users of the site; other attacks are also possible.
|
|
|
|
Roundcube Webmail 0.1rc2 is vulnerable; other versions may also be affected.
|
|
|
|
https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/30877.eml |