[#9191] XSS Vulnerability
Summary XSS Vulnerability
Queue Gollem
Queue Version 1.1.1
Type Bug
State Resolved
Priority 3. High
Owners slusarz (at) horde (dot) org
Requester nightmare.lmw (at) anarchynet (dot) org
Created 2010-08-21 (2833 days ago)
Updated 2010-08-24 (2830 days ago)
Resolved 2010-08-24 (2830 days ago)
Patch Yes

2010-08-24 18:38:26 Michael Slusarz Comment #3
Assigned to Michael Slusarz
State ⇒ Resolved
Git master fix:

This has been fixed in 1.1.2, although slightly different from your 
patch - we instead use the Horde::fatal() function, which is the 
preferred way of reporting these kinds of errors anyway.

Thank you for your report.
2010-08-21 14:20:21 nightmare (dot) lmw (at) anarchynet (dot) org Comment #1
Type ⇒ Bug
State ⇒ Unconfirmed
Priority ⇒ 3. High
Summary ⇒ XSS Vulnerability
Queue ⇒ Gollem
Milestone ⇒
Patch ⇒ Yes
New Attachment: view.php.patched
I have found a Cross Site Scripting vulnerability in Gollem.

Exploit : 

Vulnerable file : view.php (Line 32 - 46)

Vulnerable code :

if (is_callable(array($GLOBALS['gollem_vfs'], 'readStream'))) {
    $stream = $GLOBALS['gollem_vfs']->readStream($filedir, $filename);
    if (is_a($stream, 'PEAR_Error')) {
        Horde::logMessage($stream, __FILE__, __LINE__, PEAR_LOG_NOTICE);
        // $filename is written to the page without HTML escaping
        printf(_("Access denied to %s"), $filename);
    }
} else {
    $data = $GLOBALS['gollem_vfs']->read($filedir, $filename);
    if (is_a($data, 'PEAR_Error')) {
        Horde::logMessage($data, __FILE__, __LINE__, PEAR_LOG_NOTICE);
        // same unescaped output on the non-stream path
        printf(_("Access denied to %s"), $filename);
    }
}

I hope you fix the vulnerability asap. Patch in attachment.

Have a nice day.

Nicolas C. [NightMareLmW From DevSec]
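
The error branch quoted in comment #1 writes $filename into the response through printf() with no HTML encoding. As an added illustration, which is neither the attached patch nor the Horde::fatal() change made in 1.1.2, the PHP below puts that pattern beside an escaped version; StubVfs, viewUnescaped and viewEscaped are hypothetical names and the file name is constructed.

```php
<?php
// Added example: stand-alone sketch, not Gollem or Horde code.
// StubVfs and the function names are hypothetical stand-ins for the
// $GLOBALS['gollem_vfs'] backend and the view.php error branch.

final class StubVfs
{
    /** Returns file contents, or false when the backend refuses the read. */
    public function read(string $dir, string $name)
    {
        return false; // constructed: every read is denied
    }
}

/** Mirrors the reported pattern: the name goes into the page unescaped. */
function viewUnescaped(StubVfs $vfs, string $dir, string $name): string
{
    $data = $vfs->read($dir, $name);
    if ($data === false) {
        return sprintf('Access denied to %s', $name);
    }
    return $data;
}

/** Same branch, with the name encoded for an HTML text context. */
function viewEscaped(StubVfs $vfs, string $dir, string $name): string
{
    $data = $vfs->read($dir, $name);
    if ($data === false) {
        // Keep the raw value for the server log only, with control
        // characters replaced so it cannot forge extra log lines.
        error_log('view denied: ' . preg_replace('/[\x00-\x1F\x7F]/', '?', $name));
        return sprintf(
            'Access denied to %s',
            htmlspecialchars($name, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')
        );
    }
    return $data;
}

// Constructed input: a file name that contains markup.
$name = '<b>report</b>.txt';
$vfs  = new StubVfs();

echo viewUnescaped($vfs, '/home', $name), "\n"; // markup reaches the browser intact
echo viewEscaped($vfs, '/home', $name), "\n";   // markup arrives as inert text
```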
