Full Disclosure mailing list archives
kmMail XSS
From: Ulf Harnhammar <ulfh () update uu se>
Date: Mon, 21 Oct 2002 00:26:12 +0200 (CEST)
kmMail XSS

* kmMail is an open-sourced web-based mail client, based on Keftamail.

* kmMail version 1.0b has got a cross-site scripting bug when viewing HTML e-mail messages. It filters out bad HTML elements, but not good HTML elements with bad HTML attributes like this one:

<b onMouseOver="alert(document.location)">bolder</b>

* kmMail version 1.0b.1 doesn't have this problem.

* Therefore any kmMail users out there should upgrade.

// Ulf Harnhammar
VSU Security
ulfh () update uu se

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
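The filtering gap described in the advisory, as an added example (not kmMail's code and not part of the original post): a filter that allowlists elements only, next to one that also allowlists attributes per element. The `ALLOWED` policy, the `Sanitizer` class and the `sanitize` function are assumptions made for illustration.

```python
from html import escape
from html.parser import HTMLParser

# Assumed policy for this example: permitted elements and, for each one,
# the attributes it may carry. Anything not listed is dropped. The listed
# attributes are inert; URL-bearing attributes such as href or src would
# also need their values validated before being allowed.
ALLOWED = {"b": {"title"}, "i": {"title"}, "p": {"title", "align"}, "br": set()}
VOID = {"br"}  # elements that take no closing tag


class Sanitizer(HTMLParser):
    def __init__(self, check_attrs):
        super().__init__(convert_charrefs=True)
        self.check_attrs = check_attrs
        self.out = []

    def handle_starttag(self, tag, attrs):
        # HTMLParser lowercases tag and attribute names, so onMouseOver
        # arrives here as onmouseover.
        if tag not in ALLOWED:
            return  # element filter: drop the tag, keep its text content
        kept = []
        for name, value in attrs:
            if self.check_attrs and name not in ALLOWED[tag]:
                continue  # attribute filter: the step the weak mode skips
            kept.append(f' {name}="{escape(value or "", quote=True)}"')
        self.out.append(f"<{tag}{''.join(kept)}>")

    def handle_endtag(self, tag):
        if tag in ALLOWED and tag not in VOID:
            self.out.append(f"</{tag}>")

    def handle_data(self, data):
        # Text is re-escaped so it can never turn back into markup.
        self.out.append(escape(data, quote=False))


def sanitize(html, check_attrs=True):
    """Return html reduced to the ALLOWED policy.

    check_attrs=False reproduces an element-only filter, which passes
    event-handler attributes on permitted elements through unchanged.
    """
    parser = Sanitizer(check_attrs)
    parser.feed(html)
    parser.close()
    return "".join(parser.out)
```
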