Date: Wed, 28 Aug 2013 12:59:43 -0400 (EDT)
Subject: Re: CVE request: roundcube 0.9.3 fixes two XSS flaws
The first CVE assignment for this is CVE-2013-5645. The scope of this
CVE includes:

  Fix XSS vulnerability when editing a message "as new" or draft

  "rcmail_wash_html($body, array('safe' => 1), $cid_map);"
  added in

The scope of this CVE also includes:

  Fix XSS vulnerability when saving HTML signatures

  added in

to the extent that this can cross privilege boundaries within the
Roundcube webmail product.

All aspects of CVE-2013-5645 were discovered by und3r. These are all
CVE-2013-5645 references:

The scope of CVE-2013-5645 does not include any additional
exploitation approaches (if any) in Roundcube webmail, or other
products, that are related to:

  'This kind of problem is present in all parts where there is
  the "MCE" editor (or, more specifically, where there is a
  <textarea> with the CSS class "mce_editor").'

That may possibly have other CVE assignments if someone investigates
it at a later time.

Finally, there is a separate CVE assignment of CVE-2013-5646 for this
other issue with different affected versions:

  As far as we can tell from the history, the
  addressbook group vulnerability was discovered by dennis1993
  and affects only version 1.0-git (not version 0.9.2). There is
  no direct statement that the addressbook group vulnerability
  was fixed. It seems likely that the addressbook group
  vulnerability could cross privilege boundaries if the "click on
  this group after creation" action were performed by an
  administrator who was visiting the addressbook of an
  unprivileged user.

is the only CVE-2013-5646 reference that we know of at the moment.

-- 
CVE assignment team, MITRE CVE Numbering Authority
M/S M300
202 Burlington Road, Bedford, MA 01730 USA
[ PGP key available through ]