Bug#: 170979
Status: RESOLVED
Resolution: DUPLICATE of bug 170977
Assigned To: Gentoo Security <security@gentoo.org>
Reporter: Emanuele Gentili <bathym@0x656d67.org>
Description:   Opened: 2007-03-15 02:17 0000
A few hours ago, Horde Framework 3.1.4 was released. This stable release
as well as a previous development release titled 3.1.4 RC1 fix a
script/HTML injection issue which does not require previous
authentication by the victim.

By redirecting the victims' web browser to a specially crafted URL
containing the payload this issue can be exploited. As the users'
session cookie is already set by the time the injection takes place this
issue makes the user prone to XSS attacks.

The vulnerable file is framework/NLS/NLS.php.

Reproducible: Always

Steps to Reproduce:
POC:

[Base_HREF]/horde/[Horde_App]/login.php?new_lang=%22%3E%3Cbody%20onload=%22alert%28'XSS'%29%3B

------- Comment #1 From Sune Kloppenborg Jeppesen 2007-03-15 18:26:23 0000 -------
Vapier/webapps please advise.

------- Comment #2 From Raphael Marichez 2007-03-15 21:21:16 0000 -------
seems patched

------- Comment #3 From Sune Kloppenborg Jeppesen 2007-03-25 06:46:00 0000 -------
Falco, latest stable in Portage is 3.1.3 I don't see any patches?

------- Comment #4 From Matthias Geerdsen 2007-04-24 16:11:17 0000 -------
web-apps, please comment, provide an updated ebuild
I don't think we want this masked, but after more than a month without a
comment or anything...

------- Comment #5 From SpanKY 2007-05-05 06:57:38 0000 -------

*** This bug has been marked as a duplicate of bug 170977 ***
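
A defender-side check for the `new_lang` injection reported above, as an added example that is not part of the original bug report or of Horde's code: it scans web server access logs for `new_lang` values that are not locale codes. The log lines, the `/horde/imp/` path, the documentation IP addresses and the locale pattern are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Assumption: legitimate new_lang values look like locale codes ("en_US", "pt_BR", "de").
LOCALE_RE = re.compile(r"[A-Za-z]{2,3}(?:[_-][A-Za-z0-9]{2,8}){0,2}")
# Request line inside a combined-format access log entry.
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')


def suspicious_new_lang(log_line):
    """Return the decoded new_lang values in one log line that are not locale codes."""
    match = REQUEST_RE.search(log_line)
    if not match:
        return []  # malformed or non-HTTP entry: nothing to inspect
    query = urlsplit(match.group(1)).query
    hits = []
    # parse_qsl percent-decodes each value once, as the web server would.
    for key, value in parse_qsl(query):
        if key == "new_lang" and not LOCALE_RE.fullmatch(value):
            hits.append(value)
    return hits


def scan(lines):
    """Return (line_number, value) for every non-locale new_lang value found."""
    findings = []
    for number, line in enumerate(lines, start=1):
        for value in suspicious_new_lang(line):
            findings.append((number, value))
    return findings


# Constructed sample log; the second entry carries the PoC query string from the report.
SAMPLE_LOG = [
    '192.0.2.10 - - [15/Mar/2007:02:20:01 +0000] '
    '"GET /horde/imp/login.php?new_lang=en_US HTTP/1.1" 200 5120',
    '192.0.2.44 - - [15/Mar/2007:02:21:37 +0000] '
    '"GET /horde/imp/login.php?new_lang=%22%3E%3Cbody%20onload=%22alert%28\'XSS\'%29%3B'
    ' HTTP/1.1" 200 5188',
    '192.0.2.10 - - [15/Mar/2007:02:22:40 +0000] "GET /horde/imp/mailbox.php HTTP/1.1" 200 9001',
    'truncated entry without a request line',
]

if __name__ == "__main__":
    for number, value in scan(SAMPLE_LOG):
        print(f"line {number}: non-locale new_lang value {value!r}")
```

Because the check is an allowlist on the value's shape, it flags any markup in `new_lang`, not only the string from the report.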
