Summary | The parameter 'object[name]' is not sanitized in the page '/horde/turba/add.php' |
Queue | Horde Base |
Queue Version | 3.2 |
Type | Bug |
State | Resolved |
Priority | 2. Medium |
Owners | chuck (at) horde (dot) org |
Requester | nicolas.kerschenbaum (at) xmcopartners (dot) com |
Created | 06/12/2008 (6233 days ago) |
Due | 06/10/2008 (6235 days ago) |
Updated | 06/13/2008 (6232 days ago) |
Assigned | 06/12/2008 (6233 days ago) |
Resolved | 06/13/2008 (6232 days ago) |
Github Issue Link | |
Github Pull Request | |
Milestone | |
Patch | No |
Assigned to Chuck Hagenbuch
State ⇒ Resolved
http://cvs.horde.org/diff.php/horde/docs/CHANGES?r1=1.1108&r2=1.1109&ty=u
http://cvs.horde.org/diff.php/horde/services/obrowser/index.php?r1=1.18&r2=1.19&ty=u
Bugs topic.
Regards
Version ⇒ 3.2
Queue ⇒ Horde Base
'object[name]', saved in the add.php page, is not sanitized in the page
'/horde/services/obrowser/?path=turba/localsql'.
(XSS is a display problem, so add.php isn't the issue.) We are
currently investigating.
New Attachment: xss.png
Jean Dupont<!--a75c305b1c0a6022--><script>alert('XMCO');</script>
http://img258.imageshack.us/img258/3708/formao0.png
2) I see my contact list (page:
'/horde/services/obrowser/?path=turba/localsql:heremylogin')
and there is an XSS
http://img246.imageshack.us/img246/5604/xsswt6.png
So, if this security bug is fixed, which version is not vulnerable?
Regards
saying the vulnerability you see is on the add form itself?
State ⇒ Feedback
State ⇒ Unconfirmed
Milestone ⇒
Queue ⇒ Turba
Due ⇒ 06/10/2008
Summary ⇒ The parameter 'object[name]' is not sanitized in the page '/horde/turba/add.php'
Type ⇒ Bug
Priority ⇒ 2. Medium
I found a security hole in Turba H3 2.1.7
This is a Cross Site Scripting (XSS) vulnerability.
The parameter 'object[name]' is not sanitized in the page
'/horde/turba/add.php'
POC:
<input type="text" name="object[name]" id="object[name]" size="40"
value="<!--a75c305b1c0a6022--><script>alert('XSS by Nicolas Kerschenbaum');</script>" maxlength="255" />
Could you tell me if this vulnerability is corrected in the latest
version of Turba (2.2)?
Regards
Nicolas Kerschenbaum
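The point made in the thread is that the stored contact name is harmless in add.php and only becomes dangerous where it is written back into HTML without escaping, which is why the resolving commit touched services/obrowser/index.php rather than the add form. The following is an added illustration, not Horde's or Turba's own code: a minimal contact-list renderer with the unescaped (vulnerable) output beside the escaped one, fed a constructed address book that contains the payload from the PoC above. The contact array, the function names and the `h()` helper are assumptions made for the example.

```php
<?php
// Added example, not Horde/Turba code: a minimal contact-list renderer in
// the style of an object browser, showing why the stored name must be
// HTML-escaped at display time rather than "sanitized" on add.php.

// Constructed sample data standing in for the turba/localsql address book.
// The second entry carries the payload posted in the ticket.
function sampleContacts(): array {
    return [
        ['name' => 'Alice Example', 'email' => 'alice@example.com'],
        ['name' => "Jean Dupont<!--a75c305b1c0a6022--><script>alert('XMCO');</script>",
         'email' => 'jean@example.com'],
        // A legitimate name with HTML metacharacters: escaping must keep it readable,
        // which a "strip dangerous characters on save" approach would not.
        ['name' => "O'Brien & Sons <Export>", 'email' => 'obrien@example.com'],
    ];
}

// Vulnerable rendering: the stored name is concatenated into the page verbatim,
// so the stored <script> executes for every user who views the list.
function renderListUnsafe(array $contacts): string {
    $html = "<ul>\n";
    foreach ($contacts as $c) {
        $html .= "  <li>" . $c['name'] . " (" . $c['email'] . ")</li>\n";
    }
    return $html . "</ul>\n";
}

// Hardened rendering: every untrusted value is escaped for the HTML context it
// lands in. ENT_QUOTES also covers attribute values, and naming the charset
// avoids multibyte surprises. Hypothetical helper name.
function h(string $s): string {
    return htmlspecialchars($s, ENT_QUOTES, 'UTF-8');
}

function renderListSafe(array $contacts): string {
    $html = "<ul>\n";
    foreach ($contacts as $c) {
        $html .= "  <li>" . h($c['name']) . " (" . h($c['email']) . ")</li>\n";
    }
    return $html . "</ul>\n";
}

// Regression check: does a raw <script tag survive into the rendered output?
function containsRawScript(string $html): bool {
    return stripos($html, '<script') !== false;
}

$contacts = sampleContacts();
echo "unsafe output contains raw <script>: "
    . (containsRawScript(renderListUnsafe($contacts)) ? 'yes' : 'no') . "\n";
echo "safe output contains raw <script>:   "
    . (containsRawScript(renderListSafe($contacts)) ? 'yes' : 'no') . "\n";
echo renderListSafe($contacts);
```

Run it with `php example.php`: the unsafe renderer emits the `<script>` tag intact, while the escaped renderer turns it into `&lt;script&gt;` and still shows "O'Brien & Sons <Export>" correctly as text. Escaping at output also covers names that never pass through add.php at all (imports, synchronisation, other address book backends), which is the practical reason for fixing the display page rather than the form.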