Input-validation vulnerability in Roundcube Webmail - exploit.company
vendor: Roundcube Webmail
by:
CVSS: 7.5 (HIGH)
Input-validation vulnerability
CWE: 79
Product Name: Roundcube Webmail
Affected Version From: 0.1rc2
Affected Version To:
Patch Exists: NO
Related CWE:
CPE: a:roundcube_webmail_project:roundcube_webmail:0.1rc2
Metasploit:
Other Scripts:
Platforms Tested:

Input-validation vulnerability in Roundcube Webmail

The Roundcube Webmail application is prone to an input-validation vulnerability that allows attackers to execute arbitrary script code in the browser of an unsuspecting user. This can lead to the theft of cookie-based authentication credentials and other possible attacks.

Mitigation:

To mitigate this vulnerability, sanitize HTML email messages before displaying them to users. Also keep the Roundcube Webmail application up to date with the latest security patches.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/26800/info

Roundcube Webmail is prone to an input-validation vulnerability because it fails to sanitize HTML email messages.

Attackers can exploit this issue to execute arbitrary script code in the browser of an unsuspecting user. Successful attacks can allow attackers to steal cookie-based authentication credentials from legitimate users of the site; other attacks are also possible.

Roundcube Webmail 0.1rc2 is vulnerable; other versions may also be affected.

https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/30877.eml