GHSA-j43g-prf4-578j

GHSA-j43g-prf4-578j PUBLISHED

Exploit Intelligence

segunakinsoyinu/CVE-2024-42009-roundcube-xss (github-poc-repo)
segunakinsoyinu/CVE-2024-42009-roundcube-xss (github-poc-repo)
segunakinsoyinu/CVE-2024-42009-roundcube-xss (github-poc)
segunakinsoyinu/CVE-2024-42009-roundcube-xss (github-poc)
This script exploits a stored XSS vulnerability (CVE-2024-42009) in Roundcube Webmail version 1.6.7. It injects a malicious payload into the webmail system, which, when triggered, exfiltrates email content from the victim’s inbox. (github-poc-repo)
This script exploits a stored XSS vulnerability (CVE-2024-42009) in Roundcube Webmail version 1.6.7. It injects a malicious payload into the webmail system, which, when triggered, exfiltrates email content from the victim’s inbox. (github-poc-repo)
This Proof of Concept (PoC) demonstrates an exploit for CVE-2024-42009, leveraging a cross-site scripting (XSS) vulnerability to extract emails from a target webmail application. The attack injects a malicious payload that exfiltrates email content to an attacker-controlled listener. (github-poc-repo)
This Proof of Concept (PoC) demonstrates an exploit for CVE-2024-42009, leveraging a cross-site scripting (XSS) vulnerability to extract emails from a target webmail application. The attack injects a malicious payload that exfiltrates email content to an attacker-controlled listener. (github-poc-repo)
The scripts in this repository are made to abuse CVE-2024-42008 and CVE-2024-42009. Both of these CVEs are vulnerabilities found on Roundcube 1.6.7 (github-poc-repo)
The scripts in this repository are made to abuse CVE-2024-42008 and CVE-2024-42009. Both of these CVEs are vulnerabilities found on Roundcube 1.6.7 (github-poc-repo)

…and 30 more exploits

Timeline

CVE Published
Apr 10, 2026 Security Advisory

Open in Interactive Console →