Researchers have discovered an XSS vulnerability in RainLoop Webmail

Security researchers have discovered a serious stored XSS vulnerability in the RainLoop webmail platform. At the time of public disclosure, the researchers were not aware of any fix from the vendor. Users of the vulnerable platform should therefore remain cautious, as the threat of malicious exploitation persists.

Stored XSS vulnerability in RainLoop

According to details shared in a recent blog post, the SonarSource team has detected a persistent (stored) cross-site scripting (XSS) vulnerability affecting the RainLoop webmail platform.

RainLoop is a simple, open-source, web-based email client used by organizations of various sizes.

As elaborated in the post, the XSS flaw (CVE-2022-29360) stems from a logic bug in code that runs after the email sanitization step. Exploiting it simply requires an adversary to send a maliciously crafted email to the target. Once the victim opens the email, the embedded JavaScript payload runs in the victim's browser in the context of the webmail session. This allows the adversary to steal the victim's emails without any further user interaction beyond opening the message.

The following video illustrates the attack scenario.

Recommended mitigation

The researchers confirmed that the vulnerability remained unpatched at the time of public disclosure: despite repeated attempts to contact the vendor, they received no response regarding a fix.

This means that all RainLoop Webmail users remain exposed to potential exploits. The researchers have therefore shared temporary workarounds for users to mitigate the flaw until an official fix arrives from the vendor.

Specifically, they advise users to migrate to SnappyMail, a RainLoop fork that is not affected by the stored XSS vulnerability. For those who stay on RainLoop, the researchers have also published an unofficial patch, together with the procedure to apply it, in their post. However, they urge users to apply this unofficial patch at their own risk.

Also, to avoid similar bugs, the researchers advise developers not to modify data once it has been sanitized:

"We recommend that developers do not modify any data after it has been sanitized, as any modification could reverse the sanitization step. Also, it is recommended to work with a DOM tree object, rather than operating on HTML text, as this leaves much more room for error."
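The pattern the researchers warn about, shown as an added illustration that is not RainLoop's code and is not taken from the SonarSource post: a tree-based allow-list sanitizer whose serialized output is then edited as a string by a URL auto-linker (a common webmail feature), beside the same auto-linker applied to the parsed tree before serialization. The allow-list, the regexes, the helper names and the sample email bodies are all constructed for this example and are not RainLoop's.

```python
import html
import re
from html.parser import HTMLParser

# Constructed allow-list for the example; a real client needs a far larger one.
ALLOWED_TAGS = {"p", "b", "i", "br", "a", "img"}
ALLOWED_ATTRS = {"a": {"href"}, "img": {"src", "alt"}}
VOID_TAGS = {"br", "img"}
SAFE_URL = re.compile(r"^(?:https?:|mailto:|cid:)", re.I)
URL_IN_TEXT = re.compile(r"https?://[^\s<]+")


class Sanitizer(HTMLParser):
    """Allow-list sanitizer that rebuilds the document from parser events.

    Every attribute value and text node is escaped on the way out. If
    linkify_text is set, URLs in text nodes are turned into links while the
    tree is being rebuilt (the fix); attribute values are never touched.
    """

    def __init__(self, linkify_text=False):
        super().__init__(convert_charrefs=True)
        self.out = []
        self.linkify_text = linkify_text
        self.skipping = 0  # > 0 while inside <script> or <style>

    def handle_starttag(self, tag, attrs):
        if tag in ("script", "style"):
            self.skipping += 1
            return
        if tag not in ALLOWED_TAGS or self.skipping:
            return
        kept = []
        for name, value in attrs:
            if name not in ALLOWED_ATTRS.get(tag, ()):
                continue
            value = (value or "").strip()
            if name in ("href", "src") and not SAFE_URL.match(value):
                continue
            kept.append(f' {name}="{html.escape(value, quote=True)}"')
        self.out.append(f"<{tag}{''.join(kept)}>")

    def handle_endtag(self, tag):
        if tag in ("script", "style"):
            self.skipping = max(0, self.skipping - 1)
        elif tag in ALLOWED_TAGS and tag not in VOID_TAGS and not self.skipping:
            self.out.append(f"</{tag}>")

    def handle_data(self, data):
        if self.skipping:
            return
        if not self.linkify_text:
            self.out.append(html.escape(data, quote=False))
            return
        pos = 0
        for m in URL_IN_TEXT.finditer(data):  # only text nodes reach this point
            self.out.append(html.escape(data[pos:m.start()], quote=False))
            url = html.escape(m.group(0), quote=True)
            self.out.append(f'<a href="{url}">{url}</a>')
            pos = m.end()
        self.out.append(html.escape(data[pos:], quote=False))


def sanitize(raw_html, linkify_text=False):
    parser = Sanitizer(linkify_text)
    parser.feed(raw_html)
    parser.close()
    return "".join(parser.out)


def render_vulnerable(raw_html):
    """Anti-pattern: sanitize first, then edit the serialized HTML string.

    The regex cannot tell a URL in a text node from one inside a quoted
    attribute value, so its replacement can break out of the attribute.
    """
    clean = sanitize(raw_html)
    return URL_IN_TEXT.sub(r'<a href="\g<0>">\g<0></a>', clean)


def render_fixed(raw_html):
    """Fix: do the same transformation on the parsed tree, before serializing."""
    return sanitize(raw_html, linkify_text=True)


def event_handler_attrs(html_text):
    """Re-parse a rendered fragment and list the on* attributes a browser
    would see; used to compare the two rendering strategies."""

    class Finder(HTMLParser):
        def __init__(self):
            super().__init__()
            self.found = []

        def handle_starttag(self, tag, attrs):
            self.found += [n for n, _ in attrs if n.startswith("on")]

    finder = Finder()
    finder.feed(html_text)
    finder.close()
    return finder.found


# Constructed sample bodies. The alt text looks like a URL and carries an
# attribute-injection payload that the sanitizer itself correctly keeps inert.
EVIL_MAIL = '<p>Hi</p><img src="cid:logo" alt="https://x.example/onerror=alert(1)//">'
PLAIN_MAIL = "<p>Docs: https://example.org/guide?a=1&b=2 <script>evil()</script></p>"

if __name__ == "__main__":
    print(render_vulnerable(EVIL_MAIL))  # onerror= now sits outside the alt value
    print(render_fixed(EVIL_MAIL))       # identical to the sanitizer's own output
    print(render_fixed(PLAIN_MAIL))
```

The sanitizer's output is safe on its own: the payload is just an escaped `alt` value. The string-level post-step undoes that, because its replacement inserts unescaped quotes into a quoted attribute and the browser then tokenizes `onerror=alert(1)//"` as a new attribute of the `<img>`. Doing the same linkification inside the tree rebuild keeps the transformation confined to text nodes, which is exactly the "work with a DOM tree object" advice from the post.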

Let us know your thoughts in the comments.