CVE-2020-12625 PoC — Roundcube Webmail 跨站脚本漏洞

Source

https://github.com/mbadanoiu/CVE-2020-12625

Associated Vulnerability

Title:Roundcube Webmail 跨站脚本漏洞 (CVE-2020-12625)
Description:Roundcube Webmail是一款基于浏览器的开源IMAP客户端，它支持地址薄管理、信息搜索、拼写检查等。 Roundcube Webmail 1.4.4之前版本中的rcube_washtml.php文件存在跨站脚本漏洞。该漏洞源于WEB应用缺少对客户端数据的正确验证。攻击者可利用该漏洞执行客户端代码。

Description

CVE-2020-12625: Cross-Site Scripting via Malicious HTML Attachment in Roundcube Webmail

Readme

# CVE-2020-12625: Cross-Site Scripting via Malicious HTML Attachment in Roundcube Webmail

A Cross-Site scripting (XSS) vulnerability exists in Roundcube versions before 1.4.4, 1.3.11 and 1.2.10.

By leveraging the "<\![CDATA[...]]>" XML element in a mail with a "text/html" attachment, an attacker can bypass the Roundcube script filter and execute arbitrary malicious JavaScript in the victim's browser when the malicious email is clicked.

### Vendor Disclosure:

The vendor's disclosure and fix for this vulnerability can be found [here](https://roundcube.net/news/2020/04/29/security-updates-1.4.4-1.3.11-and-1.2.10).

### Requirements:

This vulnerability requires:
<br/>
- Waiting for a Roundcube user to open the email containg the XSS

### Proof Of Concept:

More details and the exploitation process can be found in this [PDF](https://github.com/mbadanoiu/CVE-2020-12625/blob/main/Roundcube%20Disclosures%20-%20CVE-2020-12625.pdf).

File Snapshot


 [4.0K]  /data/pocs/b15cab1b76d4453b66b9d6ea0115ce0374657f0f
├── [ 942]  README.md
└── [1.3M]  Roundcube Disclosures - CVE-2020-12625.pdf

0 directories, 2 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!