Title: HumHub Modules Mail v0.5.8
Author: Morten Nørtoft, Kenneth Jepsen, Mikkel Vej
Date: 2014/10/31
Download: https://github.com/humhub/humhub-modules-mail
Contacted authors: 2014/10/15
----------------------------------------------------------

Description: "Private messaging system to communicate with one or more users."

HumHub Mail Module v0.5.8 is vulnerable to an XSS attack.

Vulnerable file: /views/mail/index.php

Example of vulnerable code:
    selectEntry(<?php echo $_GET['id']; ?>);

This is vulnerable because the GET parameter 'id' is echoed directly into a JavaScript context without any validation or escaping.

PoC:

If a logged-in user clicks the following link, the injected JavaScript is executed:

humhub.example/index.php?r=mail/mail/index&id=function%28%29{%20alert%28document.cookie%29;%20return%201;%20}%28%29
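The unsafe pattern beside a hardened rendering of the same call, as an added example written for this advisory (it is not code from the HumHub Mail module or from its 0.5.9 fix); the function names and the array argument standing in for $_GET are assumptions.

```php
<?php
// Added example (not the HumHub Mail module's code). Each function returns the
// JavaScript fragment the view would emit for a given query-string array.

// Vulnerable: the raw query-string value is interpolated into a JavaScript
// context, so whatever is in ?id= is parsed and executed as code by the browser.
function render_select_entry_unsafe(array $get)
{
    $id = isset($get['id']) ? $get['id'] : '';
    return 'selectEntry(' . $id . ');';
}

// Hardened: a message id is a numeric primary key, so validate it as one.
// Anything non-numeric is rejected (null, so the caller omits the script);
// an accepted value is an int and cannot break out of the argument position.
function render_select_entry_safe(array $get)
{
    if (!isset($get['id']) || !ctype_digit((string) $get['id'])) {
        return null;
    }
    return 'selectEntry(' . (int) $get['id'] . ');';
}

// Alternative when the value must stay a string: JSON-encode it with the HEX
// flags so <, >, &, ' and " cannot end the <script> block or the string literal.
function render_select_entry_json(array $get)
{
    $value = isset($get['id']) ? (string) $get['id'] : '';
    $encoded = json_encode($value,
        JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT);
    if ($encoded === false) {      // invalid UTF-8: treat as rejected input
        return null;
    }
    return 'selectEntry(' . $encoded . ');';
}

// Constructed sample inputs: a legitimate id and the decoded advisory payload.
$benign  = array('id' => '42');
$payload = array('id' => 'function(){ alert(document.cookie); return 1; }()');

var_dump(render_select_entry_unsafe($payload)); // payload lands verbatim in the script
var_dump(render_select_entry_safe($payload));   // NULL: rejected
var_dump(render_select_entry_safe($benign));    // "selectEntry(42);"
var_dump(render_select_entry_json($payload));   // payload becomes an inert string literal
```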
## Solution

Update to version 0.5.9.