FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

rainloop -- cross-site-scripting (XSS) vulnerability

Affected packages
rainloop-community-php74 < 1.16.0_2
rainloop-community-php80 < 1.16.0_2
rainloop-community-php81 < 1.16.0_2
rainloop-php74 < 1.16.0_2
rainloop-php80 < 1.16.0_2
rainloop-php81 < 1.16.0_2


VuXML ID a8118db0-cac2-11ec-9288-0800270512f4
Discovery 2022-04-19
Entry 2022-05-03

Simon Scannell reports:

The code vulnerability can be easily exploited by an attacker by sending a malicious email to a victim that uses RainLoop as a mail client. When the email is viewed by the victim, the attacker gains full control over the session of the victim and can steal any of their emails, including those that contain highly sensitive information such as passwords, documents, and password reset links.


CVE Name CVE-2022-29360