
[#3751] XSS via X-color
Summary XSS via X-color
Queue IMP
Queue Version 4.1
Type Bug
State Resolved
Priority 1. Low
Owners
Requester miksir (at) maker (dot) ru
Created 4/10/06 (7306 days ago)
Due
Updated 4/10/06 (7306 days ago)
Assigned
Resolved 4/10/06 (7306 days ago)
Github Issue Link
Github Pull Request
Milestone
Patch No

History
10.04.2006 14:52:26 Chuck Hagenbuch Comment #2
State ⇒ Resolved
Fixed in HEAD and for IMP 4.1.1.
10.04.2006 14:09:10 miksir (at) maker (dot) ru Comment #1
State ⇒ Unconfirmed
Priority ⇒ 1. Low
Type ⇒ Bug
Summary ⇒ XSS via X-color
Queue ⇒ IMP
No checks in the X-color field (if show_account_colors is on).

The X-Color field may be created by a remote client.

For example:

X-color: "><!--a75c305b1c0a6022--><script>alert("hello");</script><"
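
One way to close the gap reported in comment #1, as an added example that is not IMP's code or its actual fix: treat the X-color header as untrusted input, accept it only if it matches a colour allow-list, and HTML-escape it on output. The function names and the table-cell markup are assumptions; the ticket does not show where IMP writes the value.

```php
<?php
// Added example, not IMP code. Function names and markup are hypothetical.

/**
 * Return the header value if it is a plain CSS colour (#rgb, #rrggbb or a
 * short alphabetic colour name), otherwise null.
 */
function safe_account_color(?string $header): ?string
{
    if ($header === null) {
        return null;
    }
    $value = trim($header);
    // Allow-list anchored at both ends: quotes, angle brackets, spaces,
    // parentheses and semicolons can never match.
    $pattern = '/\A(?:#[0-9a-fA-F]{3}|#[0-9a-fA-F]{6}|[a-zA-Z]{3,20})\z/';
    return preg_match($pattern, $value) === 1 ? $value : null;
}

/** Render a (hypothetical) colour cell; rejected values fall back to a default. */
function render_color_cell(?string $header, string $default = '#ffffff'): string
{
    $color = safe_account_color($header) ?? $default;
    // Escape on output as well, so the markup stays safe even if the
    // allow-list is loosened later.
    return '<td style="background-color:'
        . htmlspecialchars($color, ENT_QUOTES, 'UTF-8')
        . '"></td>';
}

// Constructed inputs: two legitimate values, a missing header, and the
// header value quoted in the report above.
$samples = [
    '#3366cc',
    'red',
    null,
    '"><!--a75c305b1c0a6022--><script>alert("hello");</script><"',
];
foreach ($samples as $raw) {
    echo render_color_cell($raw), "\n";
}
```

The reported value fails the allow-list, so the cell is rendered with the default colour and none of the header text reaches the page.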

