Unpatched Vulnerability Enables Hackers to Steal RainLoop User Emails

Unpatched Vulnerability Enables Hackers to Steal RainLoop User Emails-01

According to application security firm Sonar, an unpatched vulnerability in the RainLoop webmail client can be exploited to hijack a user’s session and steal their emails.

Many firms utilize RainLoop, an open-source web-based email client. Using the Shodan search engine, Sonar claimed to have discovered hundreds of internet-exposed instances. RainLoop 1.16.0 is afflicted with a stored cross-site scripting (XSS) vulnerability that can be exploited against default configurations, according to Sonar’s experts.

An attacker might simply send a specially crafted email to a RainLoop user to exploit the bug. When a victim opens the infected email, a hidden JavaScript payload is executed in the browser without any additional user involvement.

Read More: https://www.securityweek.com/unpatched-vulnerability-allows-hackers-steal-emails-rainloop-users