6/8/25

[#14165] XSS vuln in login - Qualys Report
Summary XSS vuln in login - Qualys Report
Queue Horde Groupware Webmail Edition
Queue Version 5.2.11
Type Bug
State No Feedback
Priority 3. High
Owners
Requester martin.toth (at) swan (dot) sk
Created 11/18/2015 (3490 days ago)
Due
Updated 01/25/2016 (3422 days ago)
Assigned 11/19/2015 (3489 days ago)
Resolved 01/25/2016 (3422 days ago)
Github Issue Link
Github Pull Request
Milestone
Patch No

History
01/25/2016 04:20:43 PM Jan Schneider State ⇒ No Feedback
 
11/19/2015 11:28:41 AM Jan Schneider Comment #3
State ⇒ Feedback
I don't see any issue here, since the payload is correctly escaped 
inside the JavaScript string.
11/18/2015 04:10:27 PM martin (dot) toth (at) swan (dot) sk Comment #2
I attached the part of the Qualys report related to the XSS vuln. in the login page.
11/18/2015 04:09:22 PM martin (dot) toth (at) swan (dot) sk Comment #1
Priority ⇒ 3. High
New Attachment: XSS.png
Patch ⇒ No
Milestone ⇒
Due ⇒ 11/18/2015
Summary ⇒ XSS vuln in login - Qualys Report
Type ⇒ Bug
State ⇒ Unconfirmed
Queue ⇒ Horde Groupware Webmail Edition
Hi Horde,
We recently ran our Qualys Vulnerabilities Scan, and it throws an XSS 
vuln. in the Horde login page. Can someone confirm it's a false positive, or 
is it a real issue in the final/stable branch of Horde Groupware webmail?

Regards,
