Tickets :: [#12803] CSRF and XSS in in Save search as a virtual address book

6.0.0-beta1

7/8/25

Summary	CSRF and XSS in in Save search as a virtual address book
Queue	Turba
Queue Version	4.1.2
Type	Bug
State	Resolved
Priority	3. High
Owners	jan (at) horde (dot) org
Requester	m.benetrix (at) e-secure (dot) com (dot) au
Created	10/28/2013 (4271 days ago)
Due	11/02/2013 (4266 days ago)
Updated	10/29/2013 (4270 days ago)
Assigned
Resolved	10/29/2013 (4270 days ago)
Github Issue Link
Github Pull Request
Milestone
Patch	No

10/29/2013 11:19:31 AM	Jan Schneider	Assigned to Jan Schneider State ⇒ Resolved

10/29/2013 11:19:22 AM	Git Commit	Comment #2	Reply to this comment
Changes have been made in Git (master): commit 74f9add4ad86c29b608270e33b17426163b3c8cf Author: Jan Schneider <jan@horde.org> Date: Tue Oct 29 12:19:06 2013 +0100 Token-protect vbook form (~~Bug #12803~~). turba/search.php \| 67 +++++++++++++++++++-------------- turba/templates/search/vbook.html.php \| 1 + 2 files changed, 40 insertions(+), 28 deletions(-) http://git.horde.org/horde-git/-/commit/74f9add4ad86c29b608270e33b17426163b3c8cf

10/28/2013 10:03:50 PM	Michael Slusarz	Version ⇒ 4.1.2 Queue ⇒ Turba Priority ⇒ 3. High

10/28/2013 09:37:04 PM	m (dot) benetrix (at) e-secure (dot) com (dot) au	Comment #1 Priority ⇒ 2. Medium Patch ⇒ No Milestone ⇒ Queue ⇒ Horde Groupware Webmail Edition Due ⇒ 11/02/2013 Summary ⇒ CSRF and XSS in in Save search as a virtual address book Type ⇒ Bug State ⇒ Unconfirmed	Reply to this comment
CSRF and XSS were found in the "Save Search as a virtual address book" functionality. A malicious attacker could launch a CSRF attack and makes the user to save a malicious code into the "save search".This functionality was found to miss the user's input sanitisation, making it vulnerable to XSS. So in order to exploit the XSS, a CSRF has to be launched before.