PT-2022-19563 · Rainloop · Rainloop
Simon Scannell · Published 2022-04-22 · Updated 2023-05-28 · CVE-2022-29360
CVSS v3.1: 5.4 (Medium)
Vector: AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions
RainLoop versions through 1.6.0
Description
The issue allows for XSS via a crafted email message in the Email Viewer. This can potentially be exploited to steal users' emails.
Recommendations
For versions through 1.6.0, update to a version that includes a fix for this issue. As a temporary workaround, consider restricting the use of the Email Viewer until a patch is available. Avoid using the Email Viewer with crafted email messages until the issue is resolved.
Exploit
Fix
XSS
Affected Products
Rainloop