Roundcube Webmail 0.1 - CSS Expression Input Validation

EDB-ID:

30877




Platform:

PHP

Date:

2007-11-10


source: https://www.securityfocus.com/bid/26800/info

Roundcube Webmail is prone to an input-validation vulnerability because it fails to sanitize HTML email messages.

Attackers can exploit this issue to execute arbitrary script code in the browser of an unsuspecting user. Successful attacks can allow attackers to steal cookie-based authentication credentials from legitimate users of the site; other attacks are also possible.

Roundcube Webmail 0.1rc2 is vulnerable; other versions may also be affected.

https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/30877.eml