[Tickets #11189] XSS vulnerability in Tasks view

bugs at horde.org bugs at horde.org
Thu May 10 16:09:24 UTC 2012


DO NOT REPLY TO THIS MESSAGE. THIS EMAIL ADDRESS IS NOT MONITORED.

Ticket URL: http://bugs.horde.org/ticket/11189
------------------------------------------------------------------------------
  Ticket             | 11189
  Created By         | ctimoteo at sapo.pt
  Summary            | XSS vulnerability in Tasks view
  Queue              | Kronolith
  Version            | Git master
  Type               | Enhancement
  State              | New
  Priority           | 3. High
  Milestone          |
  Patch              | 1
  Owners             |
------------------------------------------------------------------------------


ctimoteo at sapo.pt (2012-05-10 16:09) wrote:

Hello,

I detected one possible XSS vulnerability in Kronolith.

In the Task view, if I create tasks with some JavaScript code in the task description, the JavaScript code is executed when listing the tasks (or after a toggle).

I provide one patch to solve it.

Goodbye.

--
Carlos Timóteo



ctimoteo at sapo.pt (2012-05-10 16:09) uploaded: kronolith.js.patch.txt

http://bugs.horde.org/h/services/download/?module=whups&actionID=download_file&file=kronolith.js.patch.txt&ticket=11189&fn=%2Fkronolith.js.patch.txt
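
The class of bug reported above, shown as an added example that is not taken from kronolith.js or from the attached patch: a task row built by string concatenation next to one that encodes each stored field at output. All function names and sample tasks are hypothetical. It assumes the description is rendered as element content and, going slightly beyond the report, also covers a field placed in an attribute.

```javascript
// Added example. All names here are hypothetical; none come from kronolith.js.
const HTML_ENTITIES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

// Encode the characters that can switch the HTML parser out of text or attribute context.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ENTITIES[ch]);
}

// Vulnerable pattern: stored task fields concatenated straight into markup.
function renderTaskRowUnsafe(task) {
  return '<div class="task" title="' + task.name + '">' + task.desc + '</div>';
}

// Hardened pattern: every stored field is encoded at the point of output.
function renderTaskRowSafe(task) {
  return '<div class="task" title="' + escapeHtml(task.name) + '">' +
    escapeHtml(task.desc) + '</div>';
}

// Rough structural check: count start tags and quoted attributes in the markup.
// A correctly encoded row always has exactly one element and two attributes.
function markupShape(html) {
  return {
    elements: (html.match(/<[a-zA-Z]/g) || []).length,
    attributes: (html.match(/\s[a-zA-Z-]+="/g) || []).length,
  };
}

// Constructed sample tasks, as they might arrive from the server as JSON.
const SAMPLE_TASKS = [
  { name: 'Buy milk & eggs', desc: 'Tom\'s "list"' },            // benign
  { name: 'Review', desc: '<script>alert(1)</script>' },         // markup in content
  { name: 'x" onmouseover="alert(1)', desc: 'Call' },            // quote in attribute
];

// Compare the structure produced by both renderers for each task.
function auditRows(tasks) {
  return tasks.map((task) => ({
    unsafe: markupShape(renderTaskRowUnsafe(task)),
    safe: markupShape(renderTaskRowSafe(task)),
  }));
}

console.log(JSON.stringify(auditRows(SAMPLE_TASKS), null, 2));
```

Any row whose shape differs from one element and two attributes means stored data changed the markup structure, which is a usable regression check for the rendering code.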




