[Tickets #14857] Re: Multiple XSS security vulnerabilities

noreply at bugs.horde.org noreply at bugs.horde.org
Sun Sep 30 20:53:09 UTC 2018


Ticket URL: https://bugs.horde.org/ticket/14857
------------------------------------------------------------------------------
  Ticket             | 14857
  Updated By         | 610code at gmail.com
  Summary            | Multiple XSS security vulnerabilities
  Queue              | Horde Groupware
  Version            | 5.2.22
  Type               | Bug
  State              | Resolved
  Priority           | 3. High
  Milestone          |
  Patch              |
  Owners             | Michael Rubinsky
------------------------------------------------------------------------------


610code at gmail.com (2018-09-30 20:53) wrote:

Hi,

first of all, thanks for the ping via email. It was a busy week. ;)

Second: I found a copy/paste of the requests I used (from Burp on the other VM).

To use them: update your cookie to a valid one (you can use Burp) because
to exploit it you'll need to be an 'admin' anyway.

Then, sqlmap should be good to reproduce (-r request.txt).

As far as I remember 'display_errors' was enabled.

One note to add:
I tried those requests (with display_err to On and Off) for versions
5.2.19 and .21 as well.
I could not reproduce those 'steps' (for the mentioned versions) this
time - so it's a little surprise for me, to be honest. ;)

I have not yet checked the .22 version.

As we spoke more privately:
because we cannot reproduce it now - it could be a false positive.
But I think if it just 'depends' on something we don't know now/yet - that
is still worth investigating (from the source code 'perspective').

If I can help - let me know.

Thank you for your time.

Best regards,
Cody





> I have asked the original reporter of CVE-2017-17781 to clarify the  
> steps which are needed to produce a SQL injection. If a consensus  
> cannot be reached or if he does not reply to this issue again, I  
> will ask MITRE to review CVE-2017-17781. They might then either  
> reject the issue or mark it as disputed.





