| Summary | Security: IMP HTML Email view does not sanitize against javascript in the onerror property |
| Queue | IMP |
| Queue Version | FRAMEWORK_6_0 |
| Type | Bug |
| State | Assigned |
| Priority | 3. High |
| Owners | rlang (at) |
| Requester | natasa.jakec (at) gmail (dot) com |
| Created | 5/15/25 (401 days ago) |
| Due | |
| Updated | 5/15/25 (401 days ago) |
| Assigned | 5/15/25 (401 days ago) |
| Resolved | |
| Github Issue Link | |
| Github Pull Request | |
| Milestone | |
| Patch | No |
State ⇒ Assigned
Priority ⇒ 3. High
Type ⇒ Bug
Summary ⇒ Security: IMP HTML Email view does not sanitize against javascript in the onerror property
Queue ⇒ IMP
Assigned to rlang
Milestone ⇒
Patch ⇒ No
encoding ? XSS payload
Quick remedy is to disable HTML display.
Proper solution needs server-side filtering against javascript.
This was originally reported against Horde 5.2 - unsure if a patch can
be backported.