9 lines
No EOL
616 B
Text
9 lines
No EOL
616 B
Text
source: http://www.securityfocus.com/bid/26800/info
|
|
|
|
Roundcube Webmail is prone to an input-validation vulnerability because it fails to sanitize HTML email messages.
|
|
|
|
Attackers can exploit this issue to execute arbitrary script code in the browser of an unsuspecting user. Successful attacks can allow attackers to steal cookie-based authentication credentials from legitimate users of the site; other attacks are also possible.
|
|
|
|
Roundcube Webmail 0.1rc2 is vulnerable; other versions may also be affected.
|
|
|
|
https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/bin-sploits/30877.eml |