[Tickets #3523] login page cross site scripting vulnarable
bugs@bugs.horde.org
bugs at bugs.horde.org
Wed Feb 22 05:17:36 PST 2006
DO NOT REPLY TO THIS MESSAGE. THIS EMAIL ADDRESS IS NOT MONITORED.
Ticket URL: http://bugs.horde.org/ticket/?id=3523
-----------------------------------------------------------------------
Ticket | 3523
Updated By | info at friethoff.com
Summary | login page cross site scripting vulnarable
Queue | Horde Framework Packages
Version | FRAMEWORK_3
State | Feedback
Priority | 2. Medium
Type | Bug
Owners |
-----------------------------------------------------------------------
info at friethoff.com (2006-02-22 05:17) wrote:
> I can't reproduce this. Where and when exactly do you see the image?
when you put the following line in the username and in the password box:
"><img src="http://www.google.nl/logos/olympics06_alpine.gif">
including all " and > the image will appear on the site
i'm using horde 3.09 and the default login page
More information about the bugs
mailing list