[Tickets #3523] NEW: login page cross site scripting vulnarable
bugs@bugs.horde.org
bugs at bugs.horde.org
Wed Feb 22 04:44:29 PST 2006
DO NOT REPLY TO THIS MESSAGE. THIS EMAIL ADDRESS IS NOT MONITORED.
Ticket URL: http://bugs.horde.org/ticket/?id=3523
-----------------------------------------------------------------------
Ticket | 3523
Created By | info at friethoff.com
Summary | login page cross site scripting vulnarable
Queue | Horde Framework Packages
Version | FRAMEWORK_3
State | Unconfirmed
Priority | 2. Medium
Type | Bug
Owners |
-----------------------------------------------------------------------
info at friethoff.com (2006-02-22 04:44) wrote:
login page has an xss vulnarability.
When userame is "><img
src="http://www.google.nl/logos/olympics06_alpine.gif">
and password is "><img
src="http://www.google.nl/logos/olympics06_alpine.gif">
the image of google will be loaded.
More information about the bugs
mailing list