QID 731153
Date Published: 2024-02-14
QID 731153: Roundcube Webmail rcube_string_replacer.php Persistent Cross-Site Scripting (XSS) Vulnerability
Roundcube Webmail is a browser-based multilingual IMAP client with an application-like user interface. It provides functionality such as MIME support, address book, folder management, message searching and spell checking.
This vulnerability exists in the program/lib/Roundcube/rcube_string_replacer.php source file, which handles linkrefs in plain text messages, due to insufficient sanitization of user-supplied input. An unauthenticated, remote attacker could exploit this vulnerability by sending a malicious email containing a crafted link that loads arbitrary JavaScript code. Successful exploitation could allow the attacker to execute arbitrary JavaScript code in the victim's browser session.
Affected versions:
Roundcube Webmail prior to 1.4.14
Roundcube Webmail 1.5.x before 1.5.4
Roundcube Webmail 1.6.x before 1.6.3
Detection Logic:
This unauthenticated QID detects vulnerable versions via the self-reported version string disclosed by Roundcube.
Successful exploitation allows an unauthenticated, remote attacker to gain unauthorized access, hijack sessions, or steal sensitive information by executing arbitrary JavaScript code.
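As an added illustration of the detection logic described above (not Qualys' detection code), the following Python classifies a self-reported Roundcube version string against the three affected ranges listed in this advisory. The version parsing, the handling of pre-release suffixes, and the assumption that branches newer than 1.6 are patched are assumptions made for this example.

```python
# Added example: classify a self-reported Roundcube Webmail version string
# against the affected ranges in this advisory. Assumption: the scanner has
# already extracted the version string; parsing rules below are illustrative.
import re
from typing import Tuple

# Fixed versions per the advisory: < 1.4.14, 1.5.x < 1.5.4, 1.6.x < 1.6.3
FIXED_LEGACY = (1, 4, 14)
FIXED_1_5 = (1, 5, 4)
FIXED_1_6 = (1, 6, 3)


def parse_version(text: str) -> Tuple[int, ...]:
    """Return the leading dotted numeric version, padded to three parts.

    '1.6.2-rc' -> (1, 6, 2); 'Roundcube Webmail 1.6' -> (1, 6, 0).
    Suffixes such as '-rc' or '-beta' are ignored (assumption).
    """
    m = re.search(r"(\d+(?:\.\d+)*)", text)
    if not m:
        raise ValueError(f"no version number in {text!r}")
    parts = tuple(int(p) for p in m.group(1).split("."))
    return parts + (0,) * max(0, 3 - len(parts))


def is_vulnerable(text: str) -> bool:
    """True when the version falls inside an affected range from the advisory."""
    v = parse_version(text)
    branch = v[:2]
    if branch == (1, 6):
        return v < FIXED_1_6
    if branch == (1, 5):
        return v < FIXED_1_5
    # Any other branch is affected only if it is below 1.4.14; this also treats
    # branches newer than 1.6 as patched, since the advisory lists 1.6.3+ as fixed.
    return v < FIXED_LEGACY


if __name__ == "__main__":
    # Constructed sample version strings, as a scanner might collect them.
    for s in ["1.4.13", "1.4.14", "1.5.3", "1.5.4", "1.6.2", "Roundcube Webmail 1.6.3"]:
        print(f"{s:28} {'vulnerable' if is_vulnerable(s) else 'patched'}")
```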
- Security update 1.6.3 released -
roundcube.net/news/2023/09/15/security-update-1.6.3-released
CVEs related to QID 731153
Fixed in: Roundcube Webmail 1.6.3 or later