[Tickets #11189] XSS vulnerability in Tasks view
bugs at horde.org
Thu May 10 16:09:24 UTC 2012
DO NOT REPLY TO THIS MESSAGE. THIS EMAIL ADDRESS IS NOT MONITORED.
Ticket URL: http://bugs.horde.org/ticket/11189
------------------------------------------------------------------------------
Ticket | 11189
Created By | ctimoteo at sapo.pt
Summary | XSS vulnerability in Tasks view
Queue | Kronolith
Version | Git master
Type | Enhancement
State | New
Priority | 3. High
Milestone |
Patch | 1
Owners |
------------------------------------------------------------------------------
ctimoteo at sapo.pt (2012-05-10 16:09) wrote:
Hello,
I detected one possible XSS vulnerability in Kronolith.
In the Task view, if I create tasks with some JavaScript code in the task
description, the JavaScript code is executed when listing the tasks (or
after a toggle).
I provide one patch to solve it.
Goodbye.
--
Carlos Timóteo
ctimoteo at sapo.pt (2012-05-10 16:09) uploaded: kronolith.js.patch.txt
http://bugs.horde.org/h/services/download/?module=whups&actionID=download_file&file=kronolith.js.patch.txt&ticket=11189&fn=%2Fkronolith.js.patch.txt
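The class of bug reported above, as an added illustration. This is not the attached kronolith.js.patch.txt (its contents are not shown in this message) and not Kronolith code; the function names, the task object shape and the row markup are assumptions made for the example.

```javascript
// Added illustration; all names and the markup are hypothetical.

// Encode the characters that are significant in HTML text and in quoted attribute values.
const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
function escapeHtml(value) {
  return String(value == null ? '' : value).replace(/[&<>"']/g, (c) => HTML_ESCAPES[c]);
}

// "Before": user-controlled fields are concatenated into the row markup as-is,
// so markup stored in the description becomes part of the page.
function renderTaskRowUnsafe(task) {
  return '<div class="task" title="' + task.desc + '">' + task.name + '</div>';
}

// "After": every user-controlled field is encoded at the point of output.
// The description sits in an attribute here, so quotes must be encoded too.
function renderTaskRowSafe(task) {
  return '<div class="task" title="' + escapeHtml(task.desc) + '">' +
    escapeHtml(task.name) + '</div>';
}

// A re-render path (such as toggling completion) has to go through the same
// encoded renderer; fixing only the initial listing leaves the toggle exposed.
function toggleAndRender(task) {
  const updated = Object.assign({}, task, { completed: !task.completed });
  return { task: updated, html: renderTaskRowSafe(updated) };
}

// Constructed sample task whose description carries markup.
const sampleTask = {
  name: 'Buy milk',
  desc: '"><script>alert(1)</script>',
  completed: false
};

console.log('unsafe:', renderTaskRowUnsafe(sampleTask));
console.log('safe:  ', renderTaskRowSafe(sampleTask));
console.log('toggle:', toggleAndRender(sampleTask).html);
```
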