FreeBSD : rainloop -- cross-site-scripting (XSS) vulnerability (a8118db0-cac2-11ec-9288-0800270512f4)
The version of FreeBSD installed on the remote host is prior to the tested version. It is, therefore, affected by a vulnerability as referenced in the a8118db0-cac2-11ec-9288-0800270512f4 advisory. - The Email Viewer in RainLoop through 1.6.0 allows XSS via a crafted email message. CVE-2022-29360 Not...
PT-2022-19563 · Rainloop · Rainloop
Name of the Vulnerable Software and Affected Versions: RainLoop versions through 1.6.0 Description: The issue allows for XSS via a crafted email message in the Email Viewer. This can potentially be exploited to steal users' emails. Recommendations: For versions through 1.6.0, update to a version...
Unpatched Bug in RainLoop Webmail Could Give Hackers Access to all Emails
An unpatched high-severity security flaw has been disclosed in the open-source RainLoop web-based email client that could be weaponized to siphon emails from victims' inboxes. "The code vulnerability ... can be easily exploited by an attacker by sending a malicious email to a victim that uses...
RainLoop Webmail < 1.13.0 XSS Vulnerability
RainLoop Webmail lacks XSS protection mechanisms such as xlink:href validation, the X-XSS-Protection header, and the Content-Security-Policy header. Copyright (C) 2020 Greenbone Networks GmbH SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can redistribute it and/or...
RainLoop Webmail Cross-Site Scripting Vulnerability
RainLoop Webmail is a web-based e-mail client software. A cross-site scripting vulnerability exists in RainLoop Webmail versions prior to 1.13.0, which stems from the lack of proper validation of client-side data by the web application and can be exploited by an attacker to execute client-side co...
CVE-2019-13389
RainLoop Webmail before 1.13.0 lacks XSS protection mechanisms such as xlink:href validation, the X-XSS-Protection header, and the Content-Security-Policy header...
UBUNTU-CVE-2019-13389
RainLoop Webmail before 1.13.0 lacks XSS protection mechanisms such as xlink:href validation, the X-XSS-Protection header, and the Content-Security-Policy header...
Design/Logic Flaw
RainLoop Webmail before 1.13.0 lacks XSS protection mechanisms such as xlink:href validation, the X-XSS-Protection header, and the Content-Security-Policy header...
PT-2020-9397 · Unknown · Rainloop Webmail
Name of the Vulnerable Software and Affected Versions: RainLoop Webmail versions prior to 1.13.0 Description: The software lacks XSS protection mechanisms, including xlink:href validation, the X-XSS-Protection header, and the Content-Security-Policy header. Recommendations: For versions prior to...
CVE-2019-13389
Removed by vendor...
CVE-2019-13389
Summary of CVE-2019-13389: RainLoop Webmail prior to 1.13.0 is vulnerable due to missing XSS protections (no xlink:href validation, no X-XSS-Protection header, and no Content-Security-Policy header). The vulnerability can lead to cross-site scripting as described in multiple sources. Exploitatio...
RainLoop Webmail Detection (HTTP)
HTTP-based detection of RainLoop Webmail. SPDX-FileCopyrightText: 2015 SCHUTZWERK GmbH Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later ...