CVE-2020-13965 PoC — Roundcube Webmail 跨站脚本漏洞

Source

https://github.com/mbadanoiu/CVE-2020-13965

Associated Vulnerability

Title:Roundcube Webmail 跨站脚本漏洞 (CVE-2020-13965)
Description:Roundcube Webmail是一款基于浏览器的开源IMAP客户端，它支持地址薄管理、信息搜索、拼写检查等。 Roundcube Webmail 1.3.12之前版本和1.4.5之前的1.4.x版本中存在跨站脚本漏洞。该漏洞源于网络系统或产品未能正确地过滤资源或文件路径中的特殊元素。攻击者可利用该漏洞访问受限目录之外的位置。

Description

CVE-2020-13965: Cross-Site Scripting via Malicious XML Attachment in Roundcube Webmail

Readme

# CVE-2020-13965: Cross-Site Scripting via Malicious XML Attachment in Roundcube Webmail

A Cross-Site scripting (XSS) vulnerability exists in Roundcube versions before 1.4.5 and 1.3.12.

By leveraging the parsing of "text/xml" attachment, an attacker can bypass the Roundcube script filter and execute arbitrary malicious JavaScript in the victim's browser when the malicious attachment is clicked/previewed.

### Vendor Disclosure:

The vendor's disclosure and fix for this vulnerability can be found [here](https://roundcube.net/news/2020/06/02/security-updates-1.4.5-and-1.3.12).

### Requirements:

This vulnerability requires:
<br/>
- Waiting for a Roundcube user to open the attachment containg the XSS

### Proof Of Concept:

More details and the exploitation process can be found in this [PDF](https://github.com/mbadanoiu/CVE-2020-13965/blob/main/Roundcube%20Disclosures%20-%20CVE-2020-13965.pdf).

File Snapshot


 [4.0K]  /data/pocs/bfa1dc06bef71f1993fa8c0e3488697ad1f07a40
├── [ 909]  README.md
└── [482K]  Roundcube Disclosures - CVE-2020-13965.pdf

0 directories, 2 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!