[imp] Horde IMP Webmail Client XSS vulnerability
Son Truong
svt at st-andrews.ac.uk
Tue Dec 13 06:40:49 PST 2005
I'm sure this is a stupid question but...
I've commented the HTML driver lines in mime_drivers.php and also
remove the 'html' in the registered mime_drivers_map...
But how do I stop view.php from opening the html when the user clicks
on the link in 'Part(s)' of the message screen?
This is in HORDE 2.2.9 and IMP 3.2.8.
Jan Schneider wrote:
>Zitat von Son Truong <svt at st-andrews.ac.uk>:
>
>
>
>>Any one seen this?
>>
>>http://www.securityfocus.com/archive/1/418734
>>
>>Is there a fix?
>>
>>
>
>Yes, disable the HTML mime viewer.
>
>Jan.
>
>
>
--
Son V Truong * Unix System Programmer * Systems Group
LIS: IT Services * University of St Andrews
01334 462373 * svt at st-andrews.ac.uk
More information about the imp
mailing list