CVE-2012-3508

Published: 25/08/2012 Updated: 29/08/2012
CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6
VMScore: 435
Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Vulnerability Summary

Cross-site scripting (XSS) vulnerability in program/lib/washtml.php in Roundcube Webmail 0.8.0 allows remote malicious users to inject arbitrary web script or HTML by using "javascript:" in an href attribute in the body of an HTML-formatted email.

Vulnerable Product

roundcube webmail 0.8.0

Vendor Advisories

Debian Bug report logs - #685475 roundcube: CVE-2012-3508 Package: roundcube; Maintainer for roundcube is Debian Roundcube Maintainers <pkg-roundcube-maintainers@lists.alioth.debian.org>; Source for roundcube is src:roundcube (PTS, buildd, popcon) Reported by: Moritz Muehlenhoff <jmm@inutil.org> Date: Tue, 21 Aug 201 ...

Exploits

#!/usr/bin/python ''' # Exploit Title: Roundcube Webmail Stored XSS # Date: 14/08/2012 # Exploit Author: Shai rod (@NightRang3r) # Vendor Homepage: roundcube.net # Software Link: sourceforge.net/projects/roundcubemail/files/roundcubemail/0.8.0/roundcubemail-0.8.0.tar.gz/download # Version: 0.8.0 #Gr33Tz: @aviadgolan , @benhayak, @ ...