
[#3751] XSS via X-color
Summary: XSS via X-color
Queue: IMP
Queue Version: 4.1
Type: Bug
State: Resolved
Priority: 1. Low
Owners:
Requester: miksir (at) maker (dot) ru
Created: 04/10/2006 (7075 days ago)
Due:
Updated: 04/10/2006 (7075 days ago)
Assigned:
Resolved: 04/10/2006 (7075 days ago)
Github Issue Link:
Github Pull Request:
Milestone:
Patch: No

History
04/10/2006 02:52:26 PM Chuck Hagenbuch Comment #2
State ⇒ Resolved
Fixed in HEAD and for IMP 4.1.1.
04/10/2006 02:09:10 PM miksir (at) maker (dot) ru Comment #1
State ⇒ Unconfirmed
Priority ⇒ 1. Low
Type ⇒ Bug
Summary ⇒ XSS via X-color
Queue ⇒ IMP
There are no checks on the X-color field (if show_account_colors is on).

The X-Color field may be created by a remote client.

For example:

X-color: "><!--a75c305b1c0a6022--><script>alert("hello");</script><"
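
Added example, not IMP's code and not the fix committed for this ticket: one way to treat a sender-supplied X-Color value before it reaches HTML is to accept only values that parse as a color and to escape again at output. The function names, the table-cell markup and the list of color names are assumptions made for illustration; the third sample input is the header value from the report above.

```php
<?php
// Illustrative sketch only; sanitize_x_color() and render_color_cell()
// are hypothetical names, not functions from Horde or IMP.

/**
 * Return a safe CSS color taken from an untrusted X-Color header, or null.
 * Only #rgb / #rrggbb hex values and a short allowlist of names pass.
 */
function sanitize_x_color(?string $raw): ?string
{
    if ($raw === null) {
        return null;
    }
    $value = strtolower(trim($raw));
    // \A and \z anchor the whole string, so nothing can trail the color.
    if (preg_match('/\A#(?:[0-9a-f]{3}|[0-9a-f]{6})\z/', $value) === 1) {
        return $value;
    }
    // Assumed allowlist of plain color names.
    $named = ['black', 'white', 'red', 'green', 'blue', 'yellow', 'gray'];
    return in_array($value, $named, true) ? $value : null;
}

/**
 * Render a message-list cell. The color is validated first and still
 * escaped when written into the attribute; the subject is escaped too.
 */
function render_color_cell(?string $rawHeader, string $subject): string
{
    $color = sanitize_x_color($rawHeader);
    $style = '';
    if ($color !== null) {
        $safe  = htmlspecialchars($color, ENT_QUOTES, 'UTF-8');
        $style = ' style="background-color: ' . $safe . '"';
    }
    return '<td' . $style . '>'
        . htmlspecialchars($subject, ENT_QUOTES, 'UTF-8') . '</td>';
}

// Constructed sample inputs; the third is the value quoted in the ticket.
$samples = [
    '#FFcc00',
    'red',
    '"><!--a75c305b1c0a6022--><script>alert("hello");</script><"',
    null,
];
foreach ($samples as $header) {
    echo render_color_cell($header, 'Test message'), "\n";
}
```

Values that fail validation are dropped rather than repaired, so the cell is rendered without a color instead of with a partially cleaned string.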

