| Summary | Cross Site Scripting Vulnerability |
| Queue | Passwd |
| Queue Version | 3.1 |
| Type | Bug |
| State | Resolved |
| Priority | 2. Medium |
| Owners | chuck (at) horde (dot) org |
| Requester | security (at) davidwharton (dot) us |
| Created | 2009-07-03 (5768 days ago) |
| Due | |
| Updated | 2009-07-05 (5766 days ago) |
| Assigned | |
| Resolved | 2009-07-05 (5766 days ago) |
| Milestone | |
| Patch | No |
Assigned to Chuck Hagenbuch
State ⇒ Resolved
http://cvs.horde.org/diff.php/passwd/docs/CHANGES?rt=horde&r1=1.110&r2=1.111&ty=u
http://cvs.horde.org/diff.php/passwd/main.php?rt=horde&r1=1.82&r2=1.83&ty=u
http://cvs.horde.org/diff.php/passwd/templates/main/main.inc?rt=horde&r1=1.41&r2=1.42&ty=u
Type ⇒ Bug
State ⇒ Unconfirmed
Priority ⇒ 2. Medium
Summary ⇒ Cross Site Scripting Vulnerability
Queue ⇒ Passwd
Milestone ⇒
Patch ⇒ No
http://hordeserver.com/horde/passwd/main.php?backend="><!--a75c305b1c0a6022--><script>alert('XSS')</script>&userid=stevejobs&return_to=&oldpassword=foo&newpassword0=foo&newpassword1=foo&submit=Change%20Password