[Tickets #14857] Re: Multiple XSS security vulnerabilities

noreply at bugs.horde.org noreply at bugs.horde.org
Wed Sep 26 00:23:39 UTC 2018


DO NOT REPLY TO THIS MESSAGE. THIS EMAIL ADDRESS IS NOT MONITORED.

Ticket URL: https://bugs.horde.org/ticket/14857
------------------------------------------------------------------------------
  Ticket             | 14857
  Updated By         | Git Commit <commits at lists.horde.org>
  Summary            | Multiple XSS security vulnerabilities
  Queue              | Horde Groupware
  Version            | 5.2.22
  Type               | Bug
  State              | Assigned
  Priority           | 3. High
  Milestone          |
  Patch              |
  Owners             | Michael Rubinsky
------------------------------------------------------------------------------


Git Commit <commits at lists.horde.org> (2018-09-26 00:23) wrote:

Changes have been made in Git (master):

commit 17bf57c1fe0e5febbef6efeed76cbd98b0422e85
Author: Michael J Rubinsky <mrubinsk at horde.org>
Date:   Tue, 25 Sep 2018 20:23:33 -0400

Bug: 14857

Escape user-provided resource name when outputting. Prevents XSS vuln.

  M js/kronolith.js

https://github.com/horde/kronolith/commit/17bf57c1fe0e5febbef6efeed76cbd98b0422e85





More information about the bugs mailing list