#1488850 closed Bugs (fixed)

Two XSS vectors targeting IE and Firefox Users

Reported by: enriquerando
Owned by:
Priority: 1 - Highest
Milestone: 0.9-beta
Component: Security
Version: 0.8.4
Severity: major
Keywords: XSS, data:, vbscript


Script code can be executed in the context of the current RoundCube session using "data" URLs in Firefox and "vbscript" URLs in Internet Explorer. (see the attached file for details)

Attachments (1)

RoundCube2XSS.pdf (253.2 KB) - added by enriquerando 23 months ago.


Change History (3)

Changed 23 months ago by enriquerando


comment:1 Changed 23 months ago by alec

  • Milestone changed from later to 0.9-beta
  • Priority changed from 5 to 1 - Highest

comment:2 Changed 23 months ago by alec

  • Resolution set to fixed
  • Status changed from new to closed
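
The ticket names two URL schemes, `data:` and `vbscript:`. A filter for them only works if it compares the scheme after the normalization a browser applies to the attribute value. The following is an added example, not part of the ticket, its attachment or RoundCube's fix; the allowlist policy, the function names and the sample values are assumptions.

```javascript
// Added example, not RoundCube code. Policy and names are assumptions.
const ALLOWED_SCHEMES = new Set(['http', 'https', 'mailto']);
const NAMED = new Map([['Tab', '\t'], ['NewLine', '\n'], ['colon', ':']]);

// Decode character references once, as a browser does for an attribute value
// before URL parsing (numeric references are decoded even without ';').
function decodeEntities(s) {
  return s.replace(/&(?:#x([0-9a-f]+);?|#([0-9]+);?|([a-z]+);)/gi, (m, hex, dec, name) => {
    if (name !== undefined) return NAMED.has(name) ? NAMED.get(name) : m;
    const n = hex !== undefined ? parseInt(hex, 16) : parseInt(dec, 10);
    return n <= 0x10ffff ? String.fromCodePoint(n) : '\ufffd';
  });
}

// Lowercase scheme as a WHATWG-style URL parser sees it, or null if none.
function urlScheme(attrValue) {
  const url = decodeEntities(attrValue)
    .replace(/^[\u0000-\u0020]+/, '') // leading C0 controls and spaces are ignored
    .replace(/[\t\n\r]/g, '');        // tab, LF and CR are dropped anywhere
  const m = /^([a-z][a-z0-9+.-]*):/i.exec(url);
  return m ? m[1].toLowerCase() : null;
}

// Allow only allowlisted schemes; scheme-less values pass only when no ':'
// precedes the first '/', '?' or '#', so unparseable prefixes fail closed.
function isSafeUrl(attrValue) {
  const scheme = urlScheme(attrValue);
  if (scheme !== null) return ALLOWED_SCHEMES.has(scheme);
  return !/^[^\/?#]*:/.test(decodeEntities(attrValue));
}

// Constructed sample attribute values (benign bodies) and their verdicts.
const SAMPLES = [
  'https://example.org/', 'mailto:user@example.org', '#top',
  'data:text/plain,hi', 'VBScript:x', ' vb\tscript:x', 'd&#x61;ta&colon;text/plain,hi',
];
function report(samples) {
  return samples.map((v) => `${isSafeUrl(v) ? 'keep' : 'drop'} ${JSON.stringify(v)}`);
}
console.log(report(SAMPLES).join('\n'));
```

A scheme check like this belongs on every URL-valued attribute the sanitizer lets through, applied to the value exactly as it will be written back into the page.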