| Summary | XSS vulnerability in Tasks view |
| Queue | Kronolith |
| Queue Version | Git master |
| Type | Enhancement |
| State | Resolved |
| Priority | 3. High |
| Owners | jan (at) horde (dot) org |
| Requester | ctimoteo (at) sapo (dot) pt |
| Created | 2012-05-10 (2235 days ago) |
| Due | |
| Updated | 2012-05-15 (2230 days ago) |
| Assigned | |
| Resolved | 2012-05-12 (2233 days ago) |
| Milestone | |
| Patch | Yes |
commit 1228a6825a8dab3333d0a8c8986fc10d1f3d11b2
Author: Jan Schneider <jan@horde.org>
Date: Sat May 12 13:32:19 2012 +0200
Escape content (
Bug #11189).kronolith/docs/CHANGES | 2 ++
kronolith/js/kronolith.js | 10 +++++-----
kronolith/package.xml | 2 ++
3 files changed, 9 insertions(+), 5 deletions(-)
http://git.horde.org/horde-git/-/commit/1228a6825a8dab3333d0a8c8986fc10d1f3d11b2
Assigned to Jan Schneider
State ⇒ Resolved
for "Horde Developers" visible only.
commit 1228a6825a8dab3333d0a8c8986fc10d1f3d11b2
Author: Jan Schneider <jan@horde.org>
Date: Sat May 12 13:32:19 2012 +0200
Escape content (
Bug #11189).kronolith/docs/CHANGES | 2 ++
kronolith/js/kronolith.js | 10 +++++-----
kronolith/package.xml | 2 ++
3 files changed, 9 insertions(+), 5 deletions(-)
http://git.horde.org/horde-git/-/commit/1228a6825a8dab3333d0a8c8986fc10d1f3d11b2
Type ⇒ Enhancement
State ⇒ New
Priority ⇒ 3. High
Summary ⇒ XSS vulnerability in Tasks view
Queue ⇒ Kronolith
Milestone ⇒
Patch ⇒ Yes
New Attachment: kronolith.js.patch.txt
I detected one possible XSS vulnerability in Kronolith,
In the Task view if i create tasks with some javascript code in task
description,
the javascript code is executed when listing the tasks (or after a toggle),
i provide one patch to solve-it
Goodbye.
--
Carlos Timóteo