Comment on [#5063] HTML INJECT Vulnerability
> Horde IMP is prone to an HTML injection vulnerability. This issue is due to a failure in the application to properly sanitize variable 'url'.
>
> Attacker-supplied HTML and script code would be executed in the context of the affected Web site, potentially allowing for theft of cookie-based authentication credentials. An attacker could also exploit this issue to control how the site is rendered to the user; other attacks are also possible.
>
> This would affect even an unauthenticated user which could be directed to a malicious web page resulting in information theft or even system compromise by injecting Trojans.
>
> PROOF OF CONCEPT CODE:
>
> http://<HOST>/index.php?url=<any web.html>
>
> A prompt response will be highly appreciated.
>
> Thank you
> Abdus Samad
> Advanced Research Projects and Technologies