vulnerability
FreeBSD: VID-a8118db0-cac2-11ec-9288-0800270512f4 (CVE-2022-29360): rainloop -- cross-site-scripting (XSS) vulnerability
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 5 | (AV:N/AC:M/Au:S/C:P/I:P/A:N) | May 3, 2022 | Nov 4, 2022 | Dec 10, 2025 |
Severity
5
CVSS
(AV:N/AC:M/Au:S/C:P/I:P/A:N)
Published
May 3, 2022
Added
Nov 4, 2022
Modified
Dec 10, 2025
Description
Simon Scannell reports: The code vulnerability can be easily exploited by an attacker by sending a malicious email to a victim that uses RainLoop as a mail client. When the email is viewed by the victim, the attacker gains full control over the session of the victim and can steal any of their emails, including those that contain highly sensitive information such as passwords, documents, and password reset links.
Solutions
freebsd-upgrade-package-rainloop-php74freebsd-upgrade-package-rainloop-php80freebsd-upgrade-package-rainloop-php81freebsd-upgrade-package-rainloop-community-php74freebsd-upgrade-package-rainloop-community-php80freebsd-upgrade-package-rainloop-community-php81
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.