Unpatched RainLoop Webmail Enables Theft of Emails

Researchers Have Identified a Cross-Site Scripting Vulnerability
Researchers have uncovered a code vulnerability in RainLoop, an open-source webmail client used by several organizations to exchange sensitive messages and files via email. Security researchers at SonarSource say that this vulnerability allows attackers to steal emails from the inboxes of victims.
http://dlvr.it/SP48fp