oss-sec mailing list archives
CVE Request -- (Horde) IMP (prior v5.0.24-git): Obscure XSS issue when uploading attachments.
From: Jan Lieskovsky <jlieskov () redhat com>
Date: Fri, 23 Nov 2012 12:46:09 -0500 (EST)
Hello Kurt, Steve, vendors,

Horde upstream within Horde Groupware Webmail Edition version 4.0.9 release
corrected also one XSS issue in IMP:

  [1] http://lists.horde.org/archives/announce/2012/000840.html

  * Mail changes:
    * Fixed obscure XSS issue when uploading attachments.

Upstream patch:
  https://github.com/horde/horde/commit/1550c6ecd7204f9579fcbb09ec7089e01b0771e2

References:
  https://github.com/horde/horde/blob/1550c6ecd7204f9579fcbb09ec7089e01b0771e2/imp/docs/CHANGES

Could you allocate a CVE id for this?

Thank you && Regards, Jan.
--
Jan iankko Lieskovsky / Red Hat Security Response Team

P.S.: No Red Hat bugzilla entry available, since this issue did not affect
versions of IMP, as shipped with Fedora / Fedora EPEL.

P.S.#2: The other XSS from [1]:

  Calendar changes:
    * Fixed XSS issue in portal blocks.

is already covered within my previous (Kronolith related) request.