[Tickets #14857] Re: Multiple XSS security vulnerabilities
noreply at bugs.horde.org
Sun Sep 30 21:27:12 UTC 2018
DO NOT REPLY TO THIS MESSAGE. THIS EMAIL ADDRESS IS NOT MONITORED.
Ticket URL: https://bugs.horde.org/ticket/14857
------------------------------------------------------------------------------
Ticket | 14857
Updated By | 610code at gmail.com
Summary | Multiple XSS security vulnerabilities
Queue | Horde Groupware
Version | 5.2.22
Type | Bug
State | Resolved
Priority | 3. High
Milestone |
Patch |
Owners | Michael Rubinsky
+New Attachment | horde-sqli-false-positives.zip
------------------------------------------------------------------------------
610code at gmail.com (2018-09-30 21:27) wrote:
RE
I verified request-files for version .22 as well.
In my opinion those 2 SQLi bugs (for all 3 versions mentioned)
should be considered as false positives.
For version .22 I was able to 'inject' some data but it was garbage.
Below you'll find a few screens.
My post on code610 will now be updated.
I will also ask MITRE to update information about this CVE.
Thank you for your time.
Best regards,
Cody
> (...) files attached below again; comment to delete; thank you
610code at gmail.com (2018-09-30 21:27) uploaded: horde-sqli-false-positives.zip
https://bugs.horde.org/h/services/download/?app=whups&actionID=download_file&file=horde-sqli-false-positives.zip&ticket=14857&fn=%2Fhorde-sqli-false-positives.zip