header-logo
Suggest Exploit
vendor:
Roundcube Webmail
by:
7.5
CVSS
HIGH
Input-validation vulnerability
79
CWE
Product Name: Roundcube Webmail
Affected Version From: 0.1rc2
Affected Version To:
Patch Exists: NO
Related CWE:
CPE: a:roundcube_webmail_project:roundcube_webmail:0.1rc2
Metasploit:
Other Scripts:
Platforms Tested:

Input-validation vulnerability in Roundcube Webmail

The Roundcube Webmail application is prone to an input-validation vulnerability that allows attackers to execute arbitrary script code in the browser of an unsuspecting user. This can lead to the theft of cookie-based authentication credentials and other possible attacks.

Mitigation:

To mitigate this vulnerability, it is recommended to sanitize HTML email messages before displaying them to users. Additionally, keeping the Roundcube Webmail application up-to-date with the latest security patches is important.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/26800/info

Roundcube Webmail is prone to an input-validation vulnerability because it fails to sanitize HTML email messages.

Attackers can exploit this issue to execute arbitrary script code in the browser of an unsuspecting user. Successful attacks can allow attackers to steal cookie-based authentication credentials from legitimate users of the site; other attacks are also possible.

Roundcube Webmail 0.1rc2 is vulnerable; other versions may also be affected.

https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/30877.eml