EUVD-2019-4883

Malware in sbrugna...

Linux Distros Unpatched Vulnerability : CVE-2019-13389

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - RainLoop Webmail before 1.13.0 lacks XSS protection mechanisms such as xlink:href validation, the X-XSS- Protection header, and the Content-Security-Policy...

CVE-2019-13389

RainLoop Webmail before 1.13.0 lacks XSS protection mechanisms such as xlink:href validation, the X-XSS-Protection header, and the Content-Security-Policy header...

RainLoop Webmail 跨站脚本漏洞

RainLoop Webmail is a web-based email client software. A cross-site scripting vulnerability exists in RainLoop Webmail 1.6.0 and earlier versions, which stems from a failure to properly clean up when processing HTML content, and can be exploited by an attacker to take control of a victim's sessio...

Unpatched Bug in RainLoop Webmail Could Give Hackers Access to all Emails

An unpatched high-severity security flaw has been disclosed in the open-source RainLoop web-based email client that could be weaponized to siphon emails from victims' inboxes. "The code vulnerability ... can be easily exploited by an attacker by sending a malicious email to a victim that uses...

RainLoop Webmail Cross-Site Scripting Vulnerability

RainLoop Webmail is a web-based e-mail client software. A cross-site scripting vulnerability exists in RainLoop Webmail versions prior to 1.13.0, which stems from the lack of proper validation of client-side data by the web application and can be exploited by an attacker to execute client-side co...

CVE-2019-13389

RainLoop Webmail before 1.13.0 lacks XSS protection mechanisms such as xlink:href validation, the X-XSS-Protection header, and the Content-Security-Policy header...

CVE-2019-13389

RainLoop Webmail before 1.13.0 lacks XSS protection mechanisms such as xlink:href validation, the X-XSS-Protection header, and the Content-Security-Policy header...

CVE-2019-13389

RainLoop Webmail before 1.13.0 lacks XSS protection mechanisms such as xlink:href validation, the X-XSS-Protection header, and the Content-Security-Policy header...

UBUNTU-CVE-2019-13389

RainLoop Webmail before 1.13.0 lacks XSS protection mechanisms such as xlink:href validation, the X-XSS-Protection header, and the Content-Security-Policy header...

Design/Logic Flaw

RainLoop Webmail before 1.13.0 lacks XSS protection mechanisms such as xlink:href validation, the X-XSS-Protection header, and the Content-Security-Policy header...

PT-2020-9397 · Unknown · Rainloop Webmail

Name of the Vulnerable Software and Affected Versions: RainLoop Webmail versions prior to 1.13.0 Description: The issue lacks XSS protection mechanisms, including xlink:href validation, the X-XSS-Protection header, and the Content-Security-Policy header. Recommendations: For versions prior to...

CVE-2019-13389

Removed by vendor...

CVE-2019-13389

Summary of CVE-2019-13389 : RainLoop Webmail prior to 1.13.0 is vulnerable due to missing XSS protections (no xlink:href validation, no X-XSS-Protection header, and no Content-Security-Policy header). The vulnerability can lead to cross-site scripting as described in multiple sources. Exploitatio...

CVE-2019-13389

RainLoop Webmail before 1.13.0 lacks XSS protection mechanisms such as xlink:href validation, the X-XSS-Protection header, and the Content-Security-Policy header...

RainLoop Webmail Detection (HTTP)

HTTP based detection of RainLoop Webmail. SPDX-FileCopyrightText: 2015 SCHUTZWERK GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later ifdescription...