[Tickets #8398] Cross Site Scripting Vulnerability

DO NOT REPLY TO THIS MESSAGE. THIS EMAIL ADDRESS IS NOT MONITORED.

Ticket URL: http://bugs.horde.org/ticket/8398
------------------------------------------------------------------------------
  Ticket             | 8398
  Created By         | security@...
  Summary            | Cross  Site Scripting Vulnerability
  Queue              | Passwd
  Version            | 3.1
  Type               | Bug
  State              | Unconfirmed
  Priority           | 2. Medium
  Milestone          |
  Patch              |
  Owners             |
------------------------------------------------------------------------------


security@... (2009-07-03 14:45) wrote:

A cross site scripting vulnerability exists.  Proof of concept:

http://hordeserver.com/horde/passwd/main.php?backend="><script>alert('XSS')</script>&userid=stevejobs&return_to=&oldpassword=foo&newpassword0=foo&newpassword1=foo&submit=Change%20Password





--
You are subscribed to this list as: lists@...
To unsubscribe, mail: bugs-unsubscribe@...
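The reflection reported above, as an added example that is not Horde Passwd source and not the 3.1.1 fix. It assumes the `backend` value is echoed into a double-quoted HTML attribute, which the `">` prefix of the proof of concept suggests; the function names and backend keys are hypothetical.

```php
<?php
// Added illustration only; all names here are hypothetical, not Horde's API.

// Constructed input: the `backend` query value from the ticket's proof of concept.
$backend = '"><script>alert(\'XSS\')</script>';

// Constructed list of backend keys the application is configured with.
$configuredBackends = ['backend_a', 'backend_b'];

/** Vulnerable pattern: the raw request value lands inside a quoted attribute. */
function renderBackendFieldUnsafe(string $backend): string
{
    return '<input type="hidden" name="backend" value="' . $backend . '">';
}

/** Hardened: encode for the HTML attribute context before output. */
function renderBackendField(string $backend): string
{
    // ENT_QUOTES encodes both quote styles, so the value cannot close the attribute.
    $encoded = htmlspecialchars($backend, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<input type="hidden" name="backend" value="' . $encoded . '">';
}

/** Defence in depth: accept only a key that is actually configured. */
function selectBackend(?string $requested, array $configured, string $default): string
{
    if ($requested !== null && in_array($requested, $configured, true)) {
        return $requested;
    }
    return $default;
}

// Unsafe rendering: the attribute is closed early and the script tag becomes markup.
echo renderBackendFieldUnsafe($backend), "\n";

// Encoded rendering: the same bytes stay inside the attribute as inert text.
echo renderBackendField($backend), "\n";

// Allowlisted and encoded: an unknown key falls back to the default backend.
$chosen = selectBackend($backend, $configuredBackends, 'backend_a');
echo renderBackendField($chosen), "\n";
```

Encoding at output is the actual fix for the reflection; the allowlist only narrows what reaches the template and does not replace it.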

[Tickets #8398] Re: Cross Site Scripting Vulnerability

Ticket URL: http://bugs.horde.org/ticket/8398
------------------------------------------------------------------------------
  Ticket             | 8398
  Updated By         | Chuck Hagenbuch <chuck@...>
  Summary            | Cross  Site Scripting Vulnerability
  Queue              | Passwd
  Version            | 3.1
  Type               | Bug
-State              | Unconfirmed
+State              | Resolved
  Priority           | 2. Medium
  Milestone          |
  Patch              |
-Owners             |
+Owners             | Chuck Hagenbuch
------------------------------------------------------------------------------


Chuck Hagenbuch <chuck@...> (2009-07-05 13:21) wrote:

Fixed for 3.1.1 - thanks.




