CVE-2020-13965 PoC — Roundcube Webmail 跨站脚本漏洞

Source

https://github.com/mbadanoiu/CVE-2020-13965

Associated Vulnerability

Title:Roundcube Webmail 跨站脚本漏洞 (CVE-2020-13965)
Description:An issue was discovered in Roundcube Webmail before 1.3.12 and 1.4.x before 1.4.5. There is XSS via a malicious XML attachment because text/xml is among the allowed types for a preview.

Description

CVE-2020-13965: Cross-Site Scripting via Malicious XML Attachment in Roundcube Webmail

Readme

# CVE-2020-13965: Cross-Site Scripting via Malicious XML Attachment in Roundcube Webmail

A Cross-Site scripting (XSS) vulnerability exists in Roundcube versions before 1.4.5 and 1.3.12.

By leveraging the parsing of "text/xml" attachment, an attacker can bypass the Roundcube script filter and execute arbitrary malicious JavaScript in the victim's browser when the malicious attachment is clicked/previewed.

### Vendor Disclosure:

The vendor's disclosure and fix for this vulnerability can be found [here](https://roundcube.net/news/2020/06/02/security-updates-1.4.5-and-1.3.12).

### Requirements:

This vulnerability requires:
<br/>
- Waiting for a Roundcube user to open the attachment containg the XSS

### Proof Of Concept:

More details and the exploitation process can be found in this [PDF](https://github.com/mbadanoiu/CVE-2020-13965/blob/main/Roundcube%20Disclosures%20-%20CVE-2020-13965.pdf).

File Snapshot


 [4.0K]  /data/pocs/bfa1dc06bef71f1993fa8c0e3488697ad1f07a40
├── [ 909]  README.md
└── [482K]  Roundcube Disclosures - CVE-2020-13965.pdf

0 directories, 2 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.

View subscription plans →

Goal Reached Thanks to every supporter — we hit 100%!