Roundcube Webmail 0.1 CSS Expression Input Validation Vulnerability

2014-07-01T00:00:00
ID SSV:84235
Type seebug
Reporter Root
Modified 2014-07-01T00:00:00

Description

No description provided by source.

                                        
                                            
                                                source: http://www.securityfocus.com/bid/26800/info

Roundcube Webmail is prone to an input-validation vulnerability because it fails to sanitize HTML email messages.

Attackers can exploit this issue to execute arbitrary script code in the browser of an unsuspecting user. Successful attacks can allow attackers to steal cookie-based authentication credentials from legitimate users of the site; other attacks are also possible.

Roundcube Webmail 0.1rc2 is vulnerable; other versions may also be affected.

http://www.exploit-db.com/sploits/30877.eml