CSRF is possible
Reported by: jm-security | Owned by:
I just made a quick test and I've seen that RoundCube is sensitive to CSRF attacks.
A really harmless example:
- Send a mail with an HTML link: http://webmail_address/?_task=logout
When the client opens the mail with RoundCube, he'll be disconnected.
I really think that you can delete a user's mail.
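
One way to close the hole reported above, as an added example that is not RoundCube's own code: state-changing tasks are refused unless they arrive by POST carrying a per-session token. The `_token` parameter, the function names and the sample requests are assumptions made for this illustration.

```php
<?php
// Added illustration, not RoundCube code. Apart from _task=logout, which
// comes from the report, every name and value here is hypothetical.

// Tasks that change state and must never fire from a bare link.
const STATE_CHANGING_TASKS = ['logout'];

// Create (once per session) the secret the server expects to get back.
function csrf_token(array &$session): string
{
    if (empty($session['csrf_token'])) {
        $session['csrf_token'] = bin2hex(random_bytes(16));
    }
    return $session['csrf_token'];
}

// Decide whether a request is allowed to run its task.
function request_allowed(string $method, array $params, array $session): bool
{
    $task = $params['_task'] ?? '';
    if (!in_array($task, STATE_CHANGING_TASKS, true)) {
        return true; // read-only task, no token required
    }
    if ($method !== 'POST') {
        return false; // a link or image in a mail can only issue GET
    }
    $expected = $session['csrf_token'] ?? '';
    $supplied = $params['_token'] ?? '';
    // Constant-time comparison; an empty or missing token never matches.
    return $expected !== '' && is_string($supplied)
        && hash_equals($expected, $supplied);
}

// Constructed sample requests.
$session = [];
$token = csrf_token($session);
$cases = [
    'link from the report (GET)' => ['GET',  ['_task' => 'logout']],
    'cross-site POST, no token'  => ['POST', ['_task' => 'logout']],
    'cross-site POST, bad token' => ['POST', ['_task' => 'logout', '_token' => 'guess']],
    'logout form with token'     => ['POST', ['_task' => 'logout', '_token' => $token]],
    'read-only task (GET)'       => ['GET',  ['_task' => 'mail']],
];
foreach ($cases as $label => [$method, $params]) {
    $verdict = request_allowed($method, $params, $session) ? 'allowed' : 'refused';
    printf("%-28s %s\n", $label, $verdict);
}
```

The token has to be embedded in the application's own pages (a hidden form field, for instance), where a third-party page or an HTML mail cannot read it.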