
[#12803] CSRF and XSS in Save search as a virtual address book
Summary CSRF and XSS in Save search as a virtual address book
Queue Turba
Queue Version 4.1.2
Type Bug
State Resolved
Priority 3. High
Owners jan (at) horde (dot) org
Requester m.benetrix (at) e-secure (dot) com (dot) au
Created 10/28/2013 (4271 days ago)
Due 11/02/2013 (4266 days ago)
Updated 10/29/2013 (4270 days ago)
Assigned
Resolved 10/29/2013 (4270 days ago)
Github Issue Link
Github Pull Request
Milestone
Patch No

History
10/29/2013 11:19:31 AM Jan Schneider Assigned to Jan Schneider
State ⇒ Resolved
 
10/29/2013 11:19:22 AM Git Commit Comment #2
Changes have been made in Git (master):

commit 74f9add4ad86c29b608270e33b17426163b3c8cf
Author: Jan Schneider <jan@horde.org>
Date:   Tue Oct 29 12:19:06 2013 +0100

     Token-protect vbook form (Bug #12803).

  turba/search.php                      |   67 +++++++++++++++++++--------------
  turba/templates/search/vbook.html.php |    1 +
  2 files changed, 40 insertions(+), 28 deletions(-)

http://git.horde.org/horde-git/-/commit/74f9add4ad86c29b608270e33b17426163b3c8cf
10/28/2013 10:03:50 PM Michael Slusarz Version ⇒ 4.1.2
Queue ⇒ Turba
Priority ⇒ 3. High
 
10/28/2013 09:37:04 PM m (dot) benetrix (at) e-secure (dot) com (dot) au Comment #1
Priority ⇒ 2. Medium
Patch ⇒ No
Milestone ⇒
Queue ⇒ Horde Groupware Webmail Edition
Due ⇒ 11/02/2013
Summary ⇒ CSRF and XSS in Save search as a virtual address book
Type ⇒ Bug
State ⇒ Unconfirmed
CSRF and XSS were found in the "Save Search as a virtual address book"
functionality.  A malicious attacker could launch a CSRF attack and
make the user save malicious code into the "save search". This
functionality was found to miss the user's input sanitisation, making
it vulnerable to XSS.

So in order to exploit the XSS, a CSRF has to be launched first.

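The report above describes a form that accepted a cross-site POST and then stored unescaped input; the commit that closed the ticket token-protects the form. The sketch below is an added example, not Horde's or Turba's code, of the two controls a defender would want on such a form: a per-session anti-CSRF token checked on submit, and HTML-escaping of the user-supplied name when it is rendered. All function and key names (`vbook_token`, `save_vbook`, `VBOOK_TOKEN_KEY`, the `vname`/`token` fields) are hypothetical.

```php
<?php
// Added example (not Horde/Turba code): CSRF token protection plus output
// escaping for a "save search as virtual address book" style form.
// All names below are hypothetical and not taken from the project.

declare(strict_types=1);
session_start();

const VBOOK_TOKEN_KEY = 'vbook_csrf_token';

/** Returns the session's anti-CSRF token, creating it on first use. */
function vbook_token(): string
{
    if (empty($_SESSION[VBOOK_TOKEN_KEY])) {
        $_SESSION[VBOOK_TOKEN_KEY] = bin2hex(random_bytes(32));
    }
    return $_SESSION[VBOOK_TOKEN_KEY];
}

/** Constant-time comparison of the submitted token with the session token. */
function vbook_token_valid(?string $submitted): bool
{
    return is_string($submitted) && hash_equals(vbook_token(), $submitted);
}

/** Renders the form; both the token and the stored name are HTML-escaped. */
function vbook_form(string $name): string
{
    $h = fn(string $s): string => htmlspecialchars($s, ENT_QUOTES | ENT_HTML5, 'UTF-8');
    return '<form method="post" action="search.php">'
        . '<input type="hidden" name="token" value="' . $h(vbook_token()) . '">'
        . '<input type="text" name="vname" value="' . $h($name) . '">'
        . '<input type="submit" value="Save"></form>';
}

/** Handles the POST: a forged cross-site request carries no valid token and is rejected. */
function save_vbook(array $post, array &$store): bool
{
    if (!vbook_token_valid($post['token'] ?? null)) {
        return false;                // missing or wrong token: treat as CSRF
    }
    $name = trim((string)($post['vname'] ?? ''));
    if ($name === '') {
        return false;
    }
    $store[] = $name;                // keep the raw value; escape on output (vbook_form)
    return true;
}
```

The token check stops the cross-site save, and escaping at render time means a name such as `<script>` is displayed as text rather than executed even if it does get stored.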