Thu, 09 Apr 2026 22:37:17 +0000 https://bugs.horde.org/ticket/9191 XSS Vulnerability I have found a Cross Site Scripting vulnerability in Gollem, Exploit : http://localhost/horde/gollem/view.php?actionID=view_file&type=txt&file=<!--a75c305b1c0a6022--><script>alert("XSS")</script>&dir=../baddir/&driver=file Vulnerable file : view.php (Line 32 - 46) Vulnerable code : if (is_callable(array($GLOBALS['gollem_vfs'], 'readStream'))) { $stream = $GLOBALS['gollem_vfs']->readStream($filedir, $filename); if (is_a($stream, 'PEAR_Error')) { Horde::logMessage($stream, __FILE__, __LINE__, PEAR_LOG_NOTICE); printf(_("Access denied to %s"), $filename); exit; } } else { $data = $GLOBALS['gollem_vfs']->read($filedir, $filename); if (is_a($data, 'PEAR_Error')) { Horde::logMessage($data, __FILE__, __LINE__, PEAR_LOG_NOTICE); printf(_("Access denied to %s"), $filename); exit; } } I hope you fix the vulnerability asap. Patch in attachment. Have a nice day. Nicolas C. [NightMareLmW From DevSec] Sat, 21 Aug 2010 14:20:21 +0000 https://bugs.horde.org/ticket/9191#t59703 Changes have been made in CVS for this ticket: Bug: 9191 Submitted by: nightmare.lmw@anarchynet.org Fix CSS vulnerability when viewing file data. http://cvs.horde.org/diff.php/gollem/docs/CHANGES?rt=horde&r1=1.114.2.57&r2=1.114.2.58&ty=u http://cvs.horde.org/diff.php/gollem/view.php?rt=horde&r1=1.51.2.6&r2=1.51.2.7&ty=u Tue, 24 Aug 2010 18:31:35 +0000 https://bugs.horde.org/ticket/9191#t59721 Git master fix: http://lists.horde.org/archives/commits/2010-August/004747.html This has been fixed in 1.1.2, although slightly different from your patch - we instead use the Horde::fatal() function which is the preferred way of reporting these kind of errors anyway. Thank you for your report. Tue, 24 Aug 2010 18:38:26 +0000 https://bugs.horde.org/ticket/9191#t59722