View Issue Details

IDProjectCategoryView StatusLast Update
0002368SOGoWeb Mailpublic2013-07-16 11:33
Reporterispoljaric Assigned To 
PrioritynormalSeveritymajorReproducibilityalways
Status closedResolutionfixed 
Product Version2.0.6 
Fixed in Version2.0.7 
Summary0002368: Persistant XSS in sender field.
Description

If the evil guy sends an email with From header with following code(1), the web interface will render both the image and execute DOM event (tested with onload and onmouseover).

1)"<IMG onmouseover="alert('foo');" SRC=http://i.imgur.com/Spxb03S.jpg>&quot;

Steps To Reproduce

Im using thunderbird, but it could be done manually, scripted or with another email client.

Steps to reproduce with thunderbird:

1) Change the from header to the malicious code with Edit->Account Settings-> Your Name and enter :
<IMG onmouseover="alert('foo');" SRC=http://i.imgur.com/Spxb03S.jpg>
2) Send a normal email to your sogo email address.
3) Open Sogo WebUI, popup appears, depending if its onmouseover or onload.

Additional Information

Screenshot provided in attachment.

TagsNo tags attached.

Activities

Issue History

Date Modified Username Field Change
2013-07-15 09:17 ispoljaric New Issue
2013-07-15 09:17 ispoljaric File Added: sogo_xss_test.png
2013-07-16 11:33 ludovic Note Added: 0005750
2013-07-16 11:33 ludovic Status new => closed
2013-07-16 11:33 ludovic Resolution open => fixed
2013-07-16 11:33 ludovic Fixed in Version => 2.0.7