Opened 3 years ago

Closed 3 years ago

#1488850 closed Bugs (fixed)

Two XSS vectors targeting IE and Firefox Users

Reported by: enriquerando
Owned by:
Priority: 1 - Highest
Milestone: 0.9-beta
Component: Security
Version: 0.8.4
Severity: major
Keywords: XSS, data:, vbscript


Script code can be executed in the context of the current RoundCube session using "data" URLs in Firefox and "vbscript" URLs in Internet Explorer (see the attached file for details).

Attachments (1)

RoundCube2XSS.pdf (253.2 KB) - added by enriquerando 3 years ago.

Change History (3)

Changed 3 years ago by enriquerando


comment:1 Changed 3 years ago by alec

  • Milestone changed from later to 0.9-beta
  • Priority changed from 5 to 1 - Highest

comment:2 Changed 3 years ago by alec

  • Resolution set to fixed
  • Status changed from new to closed