Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2024-42009 PoC — Roundcube Webmail 安全漏洞

Source
https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2024/CVE-2024-42009.yaml
Associated Vulnerability
Title:Roundcube Webmail 安全漏洞 (CVE-2024-42009)
Description:Roundcube Webmail是一款基于浏览器的开源IMAP客户端,它支持地址薄管理、信息搜索、拼写检查等。 Roundcube Webmail 1.5.7及之前版本和1.6.8之前的1.6.x版本存在安全漏洞,该漏洞源于存在跨站脚本漏洞,远程攻击者可以通过精心设计的电子邮件消息窃取并发送受害者的电子邮件。
Description
A Cross-Site Scripting vulnerability in Roundcube through 1.5.7 and 1.6.x through 1.6.7 allows a remote attacker to steal and send emails of a victim via a crafted e-mail message that abuses a Desanitization issue in message_body() in program/actions/mail/show.php.
File Snapshot

 id: CVE-2024-42009

info:
  name: Roundcube Webmail - Cross-Site Scripting
  author: rxerium
  sever

...
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).
    3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.