| Summary | XSS: Mailbox name not encoded properly |
| Queue | DIMP |
| Queue Version | FRAMEWORK_3 |
| Type | Bug |
| State | Resolved |
| Priority | 3. High |
| Owners | slusarz (at) horde (dot) org |
| Requester | slusarz (at) horde (dot) org |
| Created | 2010-09-08 (5337 days ago) |
| Due | |
| Updated | 2010-09-08 (5337 days ago) |
| Assigned | |
| Resolved | 2010-09-08 (5337 days ago) |
| Milestone | 1.1.5 |
| Patch | No |
Bug #9240: properly escape elements in dimp.
Escape mailbox label since it is directly inserted into page in the message list title bar.
Escape growler message because it may include user submitted input.
http://git.horde.org/diff.php/imp/docs/CHANGES?rt=horde-git&r1=7ce7ed91b17089d0468c00ae9f743b58516d9bef&r2=48913cf3af81875d6e5c6f32e030c5913f22f25d
http://git.horde.org/diff.php/imp/js/dimpcore.js?rt=horde-git&r1=1d4ab4eae68e0b38ed57f251079ab5341547e2b4&r2=48913cf3af81875d6e5c6f32e030c5913f22f25d
http://git.horde.org/diff.php/imp/lib/Views/ListMessages.php?rt=horde-git&r1=b496687e2e71f3ebaecdff5ee49561fbfc1c74cb&r2=48913cf3af81875d6e5c6f32e030c5913f22f25d
Bug: 9240
Fix XSS vulnerability
http://cvs.horde.org/diff.php/dimp/docs/CHANGES?rt=horde&r1=1.69.2.85&r2=1.69.2.86&ty=u
http://cvs.horde.org/diff.php/dimp/lib/Views/ListMessages.php?rt=horde&r1=1.53.2.24&r2=1.53.2.25&ty=u
Type ⇒ Bug
State ⇒ Assigned
Priority ⇒ 3. High
Summary ⇒ XSS: Mailbox name not encoded properly
Queue ⇒ DIMP
Assigned to Michael Slusarz
Milestone ⇒ 1.1.5
Patch ⇒ No