A critical Cross-Site Scripting (XSS) vulnerability has been found in Roundcube Webmail, enabling attackers to inject and execute arbitrary JavaScript upon viewing a malicious email. This vulnerability could lead to the theft of emails, contacts, and passwords, as well as unauthorized email sending from the victim's account.
🛠 PoC:
<body title="bgcolor=foo" name="bar style=animation-name:progress-bar-stripes onanimationstart=alert(origin) foo=bar"> Foo </body>
🔗 Source:
https://www.sonarsource.com/blog/government-emails-at-risk-critical-cross-site-scripting-vulnerability-in-roundcube-webmail
#roundcube #xss #cve #poc
Please open Telegram to view this post
VIEW IN TELEGRAM
👍10🔥4❤1