[Tickets #5063] Re: HTML INJECT Vulenrability

bugs at bugs.horde.org bugs at bugs.horde.org
Tue Mar 6 06:53:52 UTC 2007


DO NOT REPLY TO THIS MESSAGE. THIS EMAIL ADDRESS IS NOT MONITORED.

Ticket URL: http://bugs.horde.org/ticket/?id=5063
-----------------------------------------------------------------------
 Ticket             | 5063
 Updated By         | asaamd at arpatech.com
 Summary            | HTML INJECT Vulenrability
 Queue              | IMP
 Version            | 4.1
 Type               | Bug
 State              | Feedback
 Priority           | 2. Medium
 Owners             | 
-----------------------------------------------------------------------


asaamd at arpatech.com (2007-03-05 22:53) wrote:

Yes it does allows a phishing attack and would end up in abused site but
when an
authenticated used would click on a malformed url the html would be
injected in the same
session which could lead to html code inject on the client side.

Abdus Samad
ARPATECH




More information about the bugs mailing list