[Tickets #5063] Re: HTML INJECT Vulenrability
bugs at bugs.horde.org
bugs at bugs.horde.org
Mon Mar 5 14:00:17 UTC 2007
DO NOT REPLY TO THIS MESSAGE. THIS EMAIL ADDRESS IS NOT MONITORED.
Ticket URL: http://bugs.horde.org/ticket/?id=5063
-----------------------------------------------------------------------
Ticket | 5063
Updated By | Jan Schneider <jan at horde.org>
Summary | HTML INJECT Vulenrability
Queue | IMP
Version | 4.1
Type | Bug
-State | Unconfirmed
+State | Feedback
Priority | 2. Medium
Owners |
-----------------------------------------------------------------------
Jan Schneider <jan at horde.org> (2007-03-05 06:00) wrote:
I don't see how this allows HTML injection. Users' are redirected to sites
provided by the url parameter, which could be abused for phishing attacks,
and we should probably fix this the same way like we recently did in
horde/index.php.
But I can't see how this allow injection. And please always check the
latest version when reporting a security issue.
More information about the bugs
mailing list