3/1/26
Comment on [#12803] CSRF and XSS in Save search as a virtual address book
> CSRF and XSS were found in the "Save Search as a virtual address
> book" functionality. A malicious attacker could launch a CSRF attack
> and make the user save malicious code into the "save
> search". This functionality was found to miss the user's input
> sanitisation, making it vulnerable to XSS.
>
> So in order to exploit the XSS, a CSRF has to be launched before.