[Tickets #5892] Re: Linked attachment feature vulnerability
bugs at bugs.horde.org
Fri Nov 16 04:13:15 UTC 2007
DO NOT REPLY TO THIS MESSAGE. THIS EMAIL ADDRESS IS NOT MONITORED.
Ticket URL: http://bugs.horde.org/ticket/?id=5892
-----------------------------------------------------------------------
Ticket | 5892
Updated By | Chuck Hagenbuch <chuck at horde.org>
Summary | Linked attachment feature vulnerability
Queue | IMP
Version | 4.1.3
Type | Bug
State | Feedback
Priority | 2. Medium
Owners |
-----------------------------------------------------------------------
Chuck Hagenbuch <chuck at horde.org> (2007-11-15 20:13) wrote:
Poster wrote back clarifying that this is an XSS issue
(http://blog.beford.org/?p=8). I'm still not sure that this is a
vulnerability that we can solve in IMP.
To the poster: what is your suggested solution here? Any particular site
can turn off linked attachments. But any application that hosts files is
"vulnerable" to this. So what can an app do, aside from disallowing jar
files?