We tested another mail client, Roundcube this time. The agents found a Stored Self-XSS vulnerability that could really only be exploited with Cookie Tossing.
Scary for password reset tokens...
Blog post below:
www.aikido.dev/blog/roundcu...
We found a stored XSS in Roundcube's draft attachment endpoint that, chained with a cookie tossing technique, gives an attacker full access to a victim's inbox. Here's how the exploit chain works and ...
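As an added illustration (not code from the post above or from the linked Aikido write-up), here is a small model of why cookie tossing turns a self-XSS into a real attack. It follows RFC 6265: the browser lists cookies with longer `Path` values first in the `Cookie` header, and a server-side parser that keeps the first value for a name will therefore see a tossed cookie ahead of the victim's real session, but only under the path the attacker scoped it to. Hostnames, cookie names and paths are hypothetical; the draft path in particular is not Roundcube's actual endpoint.

```javascript
// Added example, not code from the post or from the linked write-up:
// a model of cookie tossing against a first-value-wins cookie parser.
// Hostnames, cookie names and paths are hypothetical.

function makeCookie(name, value, domain, path, created) {
  return { name, value, domain, path, created };
}

// Domain match (RFC 6265 s5.1.3): exact host, or host ends in ".<domain>".
function domainMatches(host, domain) {
  return host === domain ||
    (host.endsWith(domain) && host[host.length - domain.length - 1] === '.');
}

// Path match (RFC 6265 s5.1.4).
function pathMatches(reqPath, cookiePath) {
  if (reqPath === cookiePath) return true;
  if (!reqPath.startsWith(cookiePath)) return false;
  return cookiePath.endsWith('/') || reqPath[cookiePath.length] === '/';
}

// Cookie header a browser builds for a request (RFC 6265 s5.4): matching
// cookies, longer paths first, earlier creation time first on ties.
function cookieHeader(jar, host, reqPath) {
  return jar
    .filter(c => domainMatches(host, c.domain) && pathMatches(reqPath, c.path))
    .sort((a, b) => b.path.length - a.path.length || a.created - b.created)
    .map(c => `${c.name}=${c.value}`)
    .join('; ');
}

// Naive server-side parse: the first occurrence of a name wins. Duplicate
// names are exactly the situation cookie tossing creates.
function parseCookieHeader(header) {
  const out = {};
  for (const part of header.split('; ')) {
    const i = part.indexOf('=');
    const name = part.slice(0, i);
    if (!(name in out)) out[name] = part.slice(i + 1);
  }
  return out;
}

// The chain: (1) the victim is logged in at the webmail host; (2) the attacker,
// from any host allowed to set a Domain=example.com cookie, sets a cookie with
// the same name carrying the attacker's own session, scoped to the path where
// the attacker's stored self-XSS payload renders; (3) under that path the
// victim's browser presents the attacker's session, so the payload renders in
// the victim's browser on the webmail origin; (4) requests the payload then
// makes to other paths still carry the victim's real session.
function cookieTossingDemo() {
  const jar = [
    makeCookie('session', 'victim-session', 'mail.example.com', '/', 1),
    makeCookie('session', 'attacker-session', 'example.com', '/mail/drafts', 2),
  ];
  const host = 'mail.example.com';
  return {
    underPayloadPath: parseCookieHeader(cookieHeader(jar, host, '/mail/drafts')).session,
    elsewhere: parseCookieHeader(cookieHeader(jar, host, '/')).session,
  };
}

// The defensive check: browsers only accept a "__Host-" prefixed cookie
// (RFC 6265bis cookie prefixes) when it is Secure, has no Domain attribute
// and has Path=/, so a session cookie named "__Host-session" cannot be tossed
// from a sibling host or narrowed to a path.
function browserAcceptsSetCookie({ name, secure, domainAttr, path }) {
  if (name.startsWith('__Host-')) {
    return Boolean(secure) && domainAttr === undefined && path === '/';
  }
  return true;
}
```

Running `cookieTossingDemo()` yields the attacker's session under the payload path and the victim's session everywhere else, which is the asymmetry the attack needs: the payload renders under the attacker's identity but executes on the victim's origin. Renaming the session cookie with the `__Host-` prefix removes the tossing primitive, and a server-side parser that rejects duplicate cookie names (instead of silently taking the first) removes the shadowing.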