s3cb0y/CVE-2023-43770-POC

[1.5.3v] This vulnerability works under different conditions

I tried to test this vulnerability on 1.5.3 but did not get the expected result.

I tried to reproduce it and I didn't get the Alert.
But, after I added the link, as it was in the spam email I received earlier, it worked.
So, you need to add the following to this vulnerability:

```python
#2 fix link in the message text
message = "\n[<script>alert('CVE-2023-43770 POC')</script>] https://roundcube.net\n"
```

I also leave a link to the fix of this vulnerability:
https://github.com/roundcube/roundcubemail/commit/e92ec206a886
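
For mail filtering or triage on the receiving side, the message shape reported in this issue (a bracketed label carrying markup, followed by a URL) can be flagged before delivery. This is an added example, not code from this repository or from Roundcube; the regex is a heuristic built from the shape described above, not Roundcube's link-reference grammar, and the function names and sample messages are constructed for illustration.

```python
import re
from email import message_from_string

# Heuristic (assumption): a bracketed label containing '<' or '>' that is
# followed by optional whitespace and an http(s) URL, all in a text/plain part.
SUSPICIOUS_LINKREF = re.compile(
    r"\[(?P<label>[^\]\n]*[<>][^\]\n]*)\]\s*(?P<url>https?://\S+)",
    re.IGNORECASE,
)

def plain_text_parts(msg):
    """Yield decoded text/plain bodies from a (possibly multipart) message."""
    for part in msg.walk():
        if part.get_content_type() != "text/plain":
            continue
        payload = part.get_payload(decode=True)
        if payload is None:
            continue
        charset = part.get_content_charset() or "utf-8"
        try:
            yield payload.decode(charset, errors="replace")
        except LookupError:  # unknown charset name in the header
            yield payload.decode("utf-8", errors="replace")

def find_suspicious_linkrefs(raw_message):
    """Return (label, url) pairs that match the reported shape."""
    hits = []
    for body in plain_text_parts(message_from_string(raw_message)):
        for m in SUSPICIOUS_LINKREF.finditer(body):
            hits.append((m.group("label"), m.group("url")))
    return hits

# Constructed sample messages (not real mail).
HEADERS = ("From: a@example.org\nTo: b@example.org\nSubject: constructed\n"
           "Content-Type: text/plain; charset=utf-8\n\n")
SAMPLE_FLAGGED = HEADERS + "Hello\n[<b>label</b>] https://example.org/page\n"
SAMPLE_BENIGN = HEADERS + "See [1] for details.\n\n[1] https://example.org/page\n"
SAMPLE_NO_LINK = HEADERS + "Hello\n[<b>label</b>] no link follows\n"

if __name__ == "__main__":
    for name in ("SAMPLE_FLAGGED", "SAMPLE_BENIGN", "SAMPLE_NO_LINK"):
        print(name, find_suspicious_linkrefs(globals()[name]))
```

A hit is a reason to quarantine or inspect the message, not proof of exploitation; ordinary numbered references such as `[1] https://...` do not match.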