
[#8398] Cross Site Scripting Vulnerability
Summary Cross Site Scripting Vulnerability
Queue Passwd
Queue Version 3.1
Type Bug
State Resolved
Priority 2. Medium
Owners chuck (at) horde (dot) org
Requester security (at) davidwharton (dot) us
Created 2009-07-03 (3731 days ago)
Due
Updated 2009-07-05 (3729 days ago)
Assigned
Resolved 2009-07-05 (3729 days ago)
Milestone
Patch No

History
2009-07-05 17:21:51 Chuck Hagenbuch Comment #3
Assigned to Chuck Hagenbuch
State ⇒ Resolved
Fixed for 3.1.1 - thanks.
2009-07-03 18:45:14 security (at) davidwharton (dot) us Comment #1
Type ⇒ Bug
State ⇒ Unconfirmed
Priority ⇒ 2. Medium
Summary ⇒ Cross Site Scripting Vulnerability
Queue ⇒ Passwd
Milestone ⇒
Patch ⇒ No
A cross site scripting vulnerability exists. Proof of concept:

http://hordeserver.com/horde/passwd/main.php?backend="><script>alert('XSS')</script>&userid=stevejobs&return_to=&oldpassword=foo&newpassword0=foo&newpassword1=foo&submit=Change%20Password
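
What the proof-of-concept value does when a page reflects `backend` into a double-quoted HTML attribute, and two server-side controls that stop it. This is an added example, not Horde's code and not the 3.1.1 fix; the form markup, the function names and the backend keys are assumptions.

```php
<?php
// Added illustration, not Horde Passwd code. The markup, function names and
// backend keys below are assumptions; the ticket does not show the real template.

// Query string from the ticket's proof of concept.
$query = 'backend="><script>alert(\'XSS\')</script>&userid=stevejobs&return_to='
       . '&oldpassword=foo&newpassword0=foo&newpassword1=foo&submit=Change%20Password';
parse_str($query, $params);

// A request such as backend[]=x produces an array, so force a string first.
$backend = is_string($params['backend'] ?? null) ? $params['backend'] : '';

// Before: request value concatenated into a double-quoted attribute unchanged.
function render_unescaped(string $backend): string
{
    return '<input type="hidden" name="backend" value="' . $backend . '">';
}

// After (1): encode for the HTML attribute context at output time.
function render_escaped(string $backend): string
{
    $safe = htmlspecialchars($backend, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<input type="hidden" name="backend" value="' . $safe . '">';
}

// After (2): accept the value only if it is a configured backend key.
function select_backend(string $requested, array $configured): ?string
{
    return in_array($requested, $configured, true) ? $requested : null;
}

$configured = ['hordeauth', 'ldap']; // hypothetical backend keys

echo "unescaped: ", render_unescaped($backend), PHP_EOL;
echo "escaped:   ", render_escaped($backend), PHP_EOL;
echo "allowlist: ", var_export(select_backend($backend, $configured), true), PHP_EOL;
echo "allowlist: ", var_export(select_backend('ldap', $configured), true), PHP_EOL;
```

In the unescaped line the leading `">` closes the `value` attribute and the tag, so the script element becomes markup; in the escaped line the same bytes stay inside the attribute as text, and the allowlist rejects the value before it is rendered at all.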
