CVE-2007-6321

RoundCube webmail <2007-12-09 - XSS

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2007-6321. PoCs published by Tomas Kuliavas.

AI-analyzed exploit summary The provided text describes an XSS vulnerability in Roundcube Webmail 0.1rc2 due to insufficient HTML sanitization in email messages. Attackers can exploit this to execute arbitrary script code in a user's browser, potentially stealing credentials.

Description

Cross-site scripting (XSS) vulnerability in RoundCube webmail 0.1rc2, 2007-12-09, and earlier versions, when using Internet Explorer, allows remote attackers to inject arbitrary web script or HTML via style sheets containing expression commands.

Exploits (1)

exploitdb WRITEUP VERIFIED

by Tomas Kuliavas · textwebappsphp

https://www.exploit-db.com/exploits/30877

View Code ZIP pw:eip

The provided text describes an XSS vulnerability in Roundcube Webmail 0.1rc2 due to insufficient HTML sanitization in email messages. Attackers can exploit this to execute arbitrary script code in a user's browser, potentially stealing credentials.

Classification

Writeup 90%

Attack Type

Xss

Complexity

Trivial

Reliability

Reliable

Target: Roundcube Webmail 0.1rc2

No auth needed

Prerequisites: User interaction required to view malicious email

MITRE ATT&CK