Roundcube webmail appears to have a cross site scripting vulnerability.
777fc2da5faaae60f518d3791b40609b950f3c149356b76cdc5a1792d53ed4d9
There is an XSS vulnerability in roundcube webmail:
http://demo.roundcube.net/?_task=');alert(%22XSS%22)//
Btw, we've been posting 0-day XSS vulnerabilities at
http://sla.ckers.org/forum/list.php?3 to take it out of the full
disclosure list since lots of people don't want to see the sheer volume
of reports. We've got close to a thousand companies and counting.
We're just trying to cut down on the noise to people's inboxes. That is
all.
-RSnake
http://ha.ckers.org
http://sla.ckers.org