Summary | Reflected Cross-Site Scripting (XSS) |
Queue | Horde Base |
Queue Version | FRAMEWORK_5_2 |
Type | Bug |
State | Resolved |
Priority | 3. High |
Owners | jan (at) horde (dot) org |
Requester | duarteetraud (at) gmail (dot) com |
Created | 01/03/2016 (3471 days ago) |
Due | |
Updated | 10/20/2017 (2815 days ago) |
Assigned | |
Resolved | 01/06/2016 (3468 days ago) |
Github Issue Link | |
Github Pull Request | |
Milestone | 5.2.9 |
Patch | No |
commit 17a1ac38d6750d481784a56dedbcec685092cb41
Author: Jan Schneider <jan@horde.org>
Date: Wed, 06 Jan 2016 11:47:03 +0100
[jan] SECURITY: Fix XSS vulnerability in menu bar exposed by only a
few applications (
Bug #14213).M docs/CHANGES
M package.xml
M templates/topbar/_menubar.html.php
https://github.com/horde/base/commit/17a1ac38d6750d481784a56dedbcec685092cb41
vulnerabilities in menu bar and form renderer.".
Is this this only commit, or are they others?
This is currently hard to dig thru the changelogs to get security
patches. Why not using CVEs and traditionnal embargoed patches?
vulnerabilities in menu bar and form renderer.".
Is this this only commit, or are they others?
Thanks
NB: Asking this as the Debian packager, for Debian stable "jessie".
commit f03301cf6edcca57121a15e80014c4d0f29d99a0
Author: Jan Schneider <jan@horde.org>
Date: Wed Jan 6 11:46:35 2016 +0100
[jan] SECURITY: Fix XSS vulnerability in menu bar exposed by only
a few applications (
Bug #14213).horde/docs/CHANGES | 26 +++++++++++++++++++++++---
horde/templates/topbar/_menubar.html.php | 2 +-
2 files changed, 24 insertions(+), 4 deletions(-)
http://github.com/horde/horde/commit/f03301cf6edcca57121a15e80014c4d0f29d99a0
Assigned to Jan Schneider
State ⇒ Resolved
Milestone ⇒ 5.2.9
In the future please report to security@horde.org instead, or make the
comments only readable for the Horde Developers group.
commit ab07a1b447de34e13983b4d7ceb18b58c3a358d8
Author: Jan Schneider <jan@horde.org>
Date: Wed Jan 6 11:46:35 2016 +0100
[jan] SECURITY: Fix XSS vulnerability in menu bar exposed by only
a few applications (
Bug #14213).horde/docs/CHANGES | 2 ++
horde/package.xml | 4 ++--
horde/templates/topbar/_menubar.html.php | 2 +-
3 files changed, 5 insertions(+), 3 deletions(-)
http://github.com/horde/horde/commit/ab07a1b447de34e13983b4d7ceb18b58c3a358d8
Queue ⇒ Horde Base
Priority ⇒ 3. High
Type ⇒ Bug
Summary ⇒ Reflected Cross-Site Scripting (XSS)
Queue ⇒ Gollem
Milestone ⇒
Patch ⇒ No
State ⇒ Unconfirmed
I've found a XSS flaw on a gollem in Horde (5.2.5) application that's
being used has a plugin in roundecube for file management, I only
tried in prod.
[domain]xplorer/gollem/manager.php?searchfield=%22%22%3E%3Cscript/src=data:,alert(document.cookie)%2b%22&x=0&y=0
Variable: searchfield
The payload:
""><!--a75c305b1c0a6022--><script/src=data:,alert(document.cookie)%2b"
(With Chrome XSS-Auditor bypass)
Input validation in the search field should be enough to stop the attack.
I can post on the bug mailist if you want.
Thank You.