[Tickets #3751] NEW: XSS via X-color
bugs@bugs.horde.org
bugs at bugs.horde.org
Mon Apr 10 07:09:10 PDT 2006
DO NOT REPLY TO THIS MESSAGE. THIS EMAIL ADDRESS IS NOT MONITORED.
Ticket URL: http://bugs.horde.org/ticket/?id=3751
-----------------------------------------------------------------------
Ticket | 3751
Created By | miksir at maker.ru
Summary | XSS via X-color
Queue | IMP
Version | 4.1
State | Unconfirmed
Priority | 1. Low
Type | Bug
Owners |
-----------------------------------------------------------------------
miksir at maker.ru (2006-04-10 07:09) wrote:
No checks in X-color field. (If show_account_colors on)
X-Color field may be created by remote client .
For example:
X-color: "><script>alert("hello");</script><"
More information about the bugs
mailing list