Bug 170977 - www-apps/horde-imp <= 4.1.3 XSS
Bug#: 170977 Product:  Gentoo Security Version: unspecified Platform: All
OS/Version: Linux Status: CLOSED Severity: minor Priority: P2
Resolution: FIXED Assigned To: security@gentoo.org Reported By: bathym@0x656d67.org
Component: Vulnerabilities
URL:  http://archives.neohapsis.com/archives/fulldisclosure/2007-03/0179.html
Summary: www-apps/horde-imp <= 4.1.3 XSS
Keywords:  
Status Whiteboard: B4 [noglsa]
Opened: 2007-03-15 01:12 0000
Description:
A victim's web browser, running a previously authenticated IMP session,
may be forced into loading a custom-crafted URL pointing to the email
search function. The payload will cause the client-side script code
contained in the specially crafted URL to be executed in the security
context of the domain the vulnerable copy of IMP is accessed through.
This allows for mounting XSS attacks.

Reproducible: Always

Steps to Reproduce:
POC:

[Base_HREF]/horde/imp/search.php?edit_query=%22%3E%3Cscript%3Ealert%28'XSS'%29%3C/script%3E%3Cx=%22
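
An added example, not part of the original report or of Horde's code: a Python log-triage check that flags search.php requests whose edit_query value still contains `"`, `<` or `>` after percent-decoding, as the PoC above does. The Apache combined-log format, the function names and the sample entries are assumptions made for illustration.

```python
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Request line of an Apache combined-log entry (assumed log format).
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# Characters the PoC uses to close the attribute and open a tag.
# Assumption: legitimate edit_query values never contain them.
BREAKOUT = re.compile(r'["<>]')

SAMPLE_LOG = [  # constructed entries, not taken from a real server
    "192.0.2.10 - - [15/Mar/2007:01:20:00 +0000] \"GET /horde/imp/search.php"
    "?edit_query=%22%3E%3Cscript%3Ealert%28'XSS'%29%3C/script%3E%3Cx=%22"
    " HTTP/1.1\" 200 5120",
    '192.0.2.11 - - [15/Mar/2007:01:21:00 +0000] "GET /horde/imp/search.php'
    '?edit_query=%2522%253E%253Cscript%253E HTTP/1.1" 200 5120',
    '192.0.2.12 - - [15/Mar/2007:01:22:00 +0000] "GET /horde/imp/search.php'
    '?edit_query=3 HTTP/1.1" 200 4096',
    '192.0.2.13 - - [15/Mar/2007:01:23:00 +0000] "GET /horde/index.php'
    ' HTTP/1.1" 200 4096',
]

def fully_decode(value, max_rounds=3):
    """Percent-decode repeatedly so values encoded more than once normalise."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def suspicious_edit_query(log_line):
    """Return the decoded edit_query value if it carries markup, else None."""
    m = REQUEST.search(log_line)
    if not m:
        return None
    url = urlsplit(m.group(1))
    if not url.path.endswith("/imp/search.php"):
        return None
    # parse_qs performs the first round of percent-decoding itself.
    for raw in parse_qs(url.query, keep_blank_values=True).get("edit_query", []):
        value = fully_decode(raw)
        if BREAKOUT.search(value):
            return value
    return None

def scan(lines):
    """Return (line_number, decoded_value) for every flagged entry."""
    found = ((n, suspicious_edit_query(l)) for n, l in enumerate(lines, 1))
    return [(n, v) for n, v in found if v is not None]
```

Running `scan(SAMPLE_LOG)` flags the first two constructed entries and ignores the plain `edit_query=3` request and the unrelated page.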

------- Comment #1 From Emanuele Gentili 2007-03-15 01:15:42 0000 -------
(In reply to comment #0)
> A victim's web browser, running a previously authenticated IMP session,
> may be forced into loading a custom-crafted URL pointing to the email
> search function. The payload will cause the client-side script code
> contained in the specially crafted URL to be executed in the security
> context of the domain the vulnerable copy of IMP is accessed through.
> This allows for mounting XSS attacks.
> 
> Reproducible: Always
> 
> Steps to Reproduce:
> POC:
> 
> [Base_HREF]/horde/imp/search.php?edit_query=%22%3E%3Cscript%3Ealert%28'XSS'%29%3C/script%3E%3Cx=%22
> 


I read now, about this bug in a security full disclosure, that horde-imp-4.1.4
is vulnerable too (now latest version in portage is 4.1.3)

------- Comment #2 From Sune Kloppenborg Jeppesen 2007-03-15 18:25:56 0000 -------
Vapier/webapps please advise.

------- Comment #3 From Raphael Marichez 2007-03-15 21:20:58 0000 -------
seems patched

------- Comment #4 From Sune Kloppenborg Jeppesen 2007-03-25 06:47:03 0000 -------
Patched upstream or in Portage?

------- Comment #5 From SpanKY 2007-05-05 06:57:38 0000 -------
*** Bug 170979 has been marked as a duplicate of this bug. ***

------- Comment #6 From SpanKY 2007-05-05 06:57:45 0000 -------
*** Bug 175518 has been marked as a duplicate of this bug. ***

------- Comment #7 From SpanKY 2007-05-05 06:59:46 0000 -------
horde-4.1.4 now in portage

------- Comment #8 From Sune Kloppenborg Jeppesen 2007-05-05 15:45:48 0000 -------
Arches please test and mark stable. Target keywords are:

horde-imp-4.1.4.ebuild:KEYWORDS="alpha amd64 hppa ppc sparc x86"

------- Comment #9 From Andrej Kacian (RETIRED) 2007-05-05 19:38:28 0000 -------
x86 happy

------- Comment #10 From Jeroen Roovers 2007-05-07 04:54:37 0000 -------
Stable for HPPA.

------- Comment #11 From Gustavo Zacarias (RETIRED) 2007-05-07 12:33:36 0000 -------
sparc stable.

------- Comment #12 From Tobias Scherbaum 2007-05-08 13:40:25 0000 -------
ppc stable

------- Comment #13 From Jose Luis Rivero (yoswink) 2007-05-10 11:05:07 0000 -------
stable on alpha

------- Comment #14 From Emanuele Gentili 2007-05-10 18:34:34 0000 -------
Waiting for "amd" and then please vote for GLSA.

------- Comment #15 From Steve Dibb 2007-05-11 15:09:02 0000 -------
amd64 stable

------- Comment #16 From Emanuele Gentili 2007-05-12 11:36:21 0000 -------
Please vote for GLSA.

------- Comment #17 From Sune Kloppenborg Jeppesen 2007-05-14 18:14:25 0000 -------
I tend to vote NO.

------- Comment #18 From Daniel Black 2007-05-15 01:43:37 0000 -------
I do vote no

------- Comment #19 From Emanuele Gentili 2007-05-17 22:02:45 0000 -------
Me too... bug CLOSED