According to application security firm Sonar, an unpatched vulnerability in the RainLoop webmail client can be exploited to hijack a user’s session and steal their emails.
Many firms use RainLoop, an open-source web-based email client. Using the Shodan search engine, Sonar claimed to have discovered hundreds of internet-exposed instances. According to Sonar’s experts, RainLoop 1.16.0 is affected by a stored cross-site scripting (XSS) vulnerability that can be exploited against default configurations.
Read More: https://www.securityweek.com/unpatched-vulnerability-allows-hackers-steal-emails-rainloop-users