6.0.0-beta1
10/20/25

[#4816] XSS via new_lang
Summary XSS via new_lang
Queue Horde Framework Packages
Queue Version HEAD
Type Bug
State Resolved
Priority 2. Medium
Owners
Requester thomas (at) gelf (dot) net
Created 12/28/2006 (6871 days ago)
Due
Updated 12/28/2006 (6871 days ago)
Assigned
Resolved 12/28/2006 (6871 days ago)
Github Issue Link
Github Pull Request
Milestone
Patch No

History
12/28/2006 04:12:58 PM Jan Schneider Comment #3
State ⇒ Resolved		 Reply to this comment
I'm not sure how this could be exploited with XSS, but an additional 
check doesn't hurt. Committed, thanks.
12/28/2006 04:07:46 PM Jan Schneider Deleted Original Message
 
12/28/2006 03:20:37 PM thomas (at) gelf (dot) net Comment #2
New Attachment: patch2_new_lang_xss.diff Download		 Reply to this comment
Same thing, different patch
12/28/2006 03:19:32 PM thomas (at) gelf (dot) net Comment #1
State ⇒ Unconfirmed
Priority ⇒ 2. Medium
Type ⇒ Bug
Summary ⇒ XSS via new_lang
Queue ⇒ Horde Framework Packages
New Attachment: patch1_new_lang_xss.diff		 Reply to this comment
There are no checks for new_lang in NLS.php.



Cheers,

Thomas Gelf
New Ticket
My Tickets
Search
Query Builder
Reports

Saved Queries

Open Bugs
Bugs waiting for Feedback
Open Bugs in Releases
Open Enhancements
Enhancements waiting for Feedback
Bugs with Patches
Enhancements with Patches
Release Showstoppers
Stalled Tickets
New Tickets
Horde 5 Showstoppers