9 lines
No EOL
560 B
Text
Executable file
9 lines
No EOL
560 B
Text
Executable file
source: http://www.securityfocus.com/bid/26800/info
|
|
|
|
Roundcube Webmail is prone to an input-validation vulnerability because it fails to sanitize HTML email messages.
|
|
|
|
Attackers can exploit this issue to execute arbitrary script code in the browser of an unsuspecting user. Successful attacks can allow attackers to steal cookie-based authentication credentials from legitimate users of the site; other attacks are also possible.
|
|
|
|
Roundcube Webmail 0.1rc2 is vulnerable; other versions may also be affected.
|
|
|
|
http://www.exploit-db.com/sploits/30877.eml |