Opened 2 years ago

Closed 2 years ago

#1488850 closed Bugs (fixed)

Two XSS vectors targeting IE and Firefox Users

Reported by: enriquerando
Owned by:
Priority: 1 - Highest
Milestone: 0.9-beta
Component: Security
Version: 0.8.4
Severity: major
Keywords: XSS, data:, vbscript
Cc:

Description

Script code can be executed in the context of the current RoundCube session using "data" URLs in Firefox and "vbscript" URLs in Internet Explorer (see the attached file for details).

Attachments (1)

RoundCube2XSS.pdf (253.2 KB) - added by enriquerando 2 years ago.
Details


Change History (3)

Changed 2 years ago by enriquerando

Details

comment:1 Changed 2 years ago by alec

  • Milestone changed from later to 0.9-beta
  • Priority changed from 5 to 1 - Highest

comment:2 Changed 2 years ago by alec

  • Resolution set to fixed
  • Status changed from new to closed
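
The description above names two URL schemes, data: and vbscript:, that a filter looking only for javascript: would let through. The following is an added example, not RoundCube's code and not the fix applied for this ticket, comparing such a denylist with a scheme allowlist for URL-bearing attributes; the function names, the allowed-scheme set and the sample values are assumptions constructed for illustration.

```javascript
// Assumption: schemes a webmail client is willing to keep in href/src values.
const ALLOWED_SCHEMES = new Set(['http', 'https', 'mailto', 'cid']);

// Normalise the way browsers do before they look for a scheme: strip leading
// and trailing C0 controls/spaces, then drop every tab and newline.
function normaliseUrl(raw) {
  return String(raw)
    .replace(/^[\u0000-\u0020]+|[\u0000-\u0020]+$/g, '')
    .replace(/[\t\n\r]/g, '');
}

// Lower-cased scheme of an already entity-decoded attribute value,
// or null when the value has no well-formed scheme.
function schemeOf(raw) {
  const m = /^([a-zA-Z][a-zA-Z0-9+.\-]*):/.exec(normaliseUrl(raw));
  return m ? m[1].toLowerCase() : null;
}

// Denylist, shown for contrast: it only knows about "javascript:".
function denylistAllows(raw) {
  return schemeOf(raw) !== 'javascript';
}

// Allowlist: a value with a scheme passes only if the scheme is permitted.
function allowlistAllows(raw) {
  const scheme = schemeOf(raw);
  if (scheme !== null) return ALLOWED_SCHEMES.has(scheme);
  // No well-formed scheme: fail closed if a colon precedes the first / ? #
  return !/^[^/?#]*:/.test(normaliseUrl(raw));
}

// Constructed sample attribute values (not taken from the ticket attachment).
const SAMPLES = [
  'https://example.org/a', 'mailto:user@example.org', 'images/logo.png',
  'javascript:void(0)', 'vbscript:x', 'data:text/html,x',
  ' \tVbScRiPt:x', 'da\nta:text/html,x',
];

// Values the denylist accepts but the allowlist rejects.
function missedByDenylist(samples) {
  return samples.filter((s) => denylistAllows(s) && !allowlistAllows(s));
}

console.log(missedByDenylist(SAMPLES).map((s) => JSON.stringify(s)));
```

The allowlist here rejects data: outright; a client that needs inline data: images would have to check the media type as well.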