[Tickets #5063] Re: HTML INJECT Vulenrability
bugs at bugs.horde.org
bugs at bugs.horde.org
Tue Mar 6 06:53:52 UTC 2007
DO NOT REPLY TO THIS MESSAGE. THIS EMAIL ADDRESS IS NOT MONITORED.
Ticket URL: http://bugs.horde.org/ticket/?id=5063
-----------------------------------------------------------------------
Ticket | 5063
Updated By | asaamd at arpatech.com
Summary | HTML INJECT Vulenrability
Queue | IMP
Version | 4.1
Type | Bug
State | Feedback
Priority | 2. Medium
Owners |
-----------------------------------------------------------------------
asaamd at arpatech.com (2007-03-05 22:53) wrote:
Yes it does allows a phishing attack and would end up in abused site but
when an
authenticated used would click on a malformed url the html would be
injected in the same
session which could lead to html code inject on the client side.
Abdus Samad
ARPATECH
More information about the bugs
mailing list