[Tickets #5892] Re: Linked attachment feature vulnerability

bugs at bugs.horde.org bugs at bugs.horde.org
Fri Nov 16 04:13:15 UTC 2007


DO NOT REPLY TO THIS MESSAGE. THIS EMAIL ADDRESS IS NOT MONITORED.

Ticket URL: http://bugs.horde.org/ticket/?id=5892
-----------------------------------------------------------------------
 Ticket             | 5892
 Updated By         | Chuck Hagenbuch <chuck at horde.org>
 Summary            | Linked attachment feature vulnerability
 Queue              | IMP
 Version            | 4.1.3
 Type               | Bug
 State              | Feedback
 Priority           | 2. Medium
 Owners             | 
-----------------------------------------------------------------------


Chuck Hagenbuch <chuck at horde.org> (2007-11-15 20:13) wrote:

Poster wrote back clarifying that this is an XSS issue
(http://blog.beford.org/?p=8). I'm still not sure that this is a
vulnerability that we can solve in IMP.

To the poster: what is your suggested solution here? Any particular site
can turn off linked attachments. But any application that hosts files is
"vulnerable" to this. So what can an app do, aside from disallowing jar
files?


