#1488850 closed Bugs (fixed)

Two XSS vectors targeting IE and Firefox Users

Reported by: enriquerando
Owned by:
Priority: 1 - Highest
Milestone: 0.9-beta
Component: Security
Version: 0.8.4
Severity: major
Keywords: XSS, data:, vbscript
Cc:

Description

Script code can be executed in the context of the current RoundCube session using "data" URLs in Firefox and "vbscript" URLs in Internet Explorer (see the attached file for details).
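The class of defect reported above is usually closed by allowlisting URL schemes after normalisation instead of blocklisting known-bad ones. The following is an added example, not RoundCube's code and not the fix applied for this ticket; the function names, the allowed scheme set and the sample inputs are assumptions made for illustration.

```python
import html
import re

# Assumption: the only schemes a mail body link may use.
ALLOWED_SCHEMES = {"http", "https", "mailto"}

# ASCII control characters and whitespace, which browsers have historically
# tolerated in front of or inside a scheme name.
_IGNORED = re.compile(r"[\x00-\x20\x7f]+")


def url_scheme(raw):
    """Return the normalised scheme of raw, or None for a relative URL."""
    value = raw
    # Decode HTML entities up to three times so singly and doubly encoded
    # forms such as "d&#97;ta:" are judged on their decoded text.
    for _ in range(3):
        decoded = html.unescape(value)
        if decoded == value:
            break
        value = decoded
    value = _IGNORED.sub("", value).lower()
    # Only a colon that appears before the first "/", "?" or "#" can
    # terminate a scheme; anything later belongs to the path or query.
    head = re.split(r"[/?#]", value, maxsplit=1)[0]
    if ":" not in head:
        return None
    return head.split(":", 1)[0]


def is_safe_url(raw):
    """Accept relative URLs and allowlisted schemes, reject all others."""
    scheme = url_scheme(raw)
    return scheme is None or scheme in ALLOWED_SCHEMES


def sanitize_href(raw, replacement="#"):
    """Return raw unchanged when it is safe, otherwise the replacement."""
    return raw if is_safe_url(raw) else replacement


if __name__ == "__main__":
    # Constructed sample values, not taken from the ticket or its attachment.
    for sample in ["https://example.org/", "/skins/logo.png",
                   "VBScript:x", " d&#97;ta:text/html,x", "vb\tscript:x"]:
        print(repr(sample), "->", sanitize_href(sample))
```

Anything that carries a scheme outside the allowlist is rejected, so a scheme the sanitizer has never heard of fails closed.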

Attachments (1)

RoundCube2XSS.pdf (253.2 KB) - added by enriquerando 23 months ago.
Details


Change History (3)

Changed 23 months ago by enriquerando

Details

comment:1 Changed 23 months ago by alec

  • Milestone changed from later to 0.9-beta
  • Priority changed from 5 to 1 - Highest

comment:2 Changed 23 months ago by alec

  • Resolution set to fixed
  • Status changed from new to closed