170977 – www-apps/horde-imp <= 4.1.3 XSS

Bug 170977 - www-apps/horde-imp <= 4.1.3 XSS

Summary: www-apps/horde-imp <= 4.1.3 XSS

Status:	VERIFIED FIXED

Alias:	None

Product:	Gentoo Security
Classification:	Unclassified
Component:	Vulnerabilities (show other bugs)
Hardware:	All Linux

Importance:	High minor (vote)
Assignee:	Gentoo Security

URL:	http://archives.neohapsis.com/archive...
Whiteboard:	B4 [noglsa]
Keywords:

Duplicates (2):	170979 175518 (view as bug list)
Depends on:
Blocks:

Reported:	2007-03-15 01:12 UTC by Emanuele Gentili
Modified:	2007-05-18 23:02 UTC (History)
CC List:	0 users

See Also:
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Emanuele Gentili 2007-03-15 01:12:14 UTC

A victims' web browser, running a previously authenticated IMP session,
may be forced into loading a custom crafted URL pointing to the email
search function. The payload will cause the client side script code
contained in the specially crafted URL to be executed in the security
context of the domain the vulnerable copy of IMP is accessed through.
This allows for mounting XSS attacks.

Reproducible: Always

Steps to Reproduce:
POC:

[Base_HREF]/horde/imp/search.php?edit_query=%22%3E%3Cscript%3Ealert%28'XSS'%29%3C/script%3E%3Cx=%22

Comment 1 Emanuele Gentili 2007-03-15 01:15:42 UTC

(In reply to comment #0)
> A victims' web browser, running a previously authenticated IMP session,
> may be forced into loading a custom crafted URL pointing to the email
> search function. The payload will cause the client side script code
> contained in the specially crafted URL to be executed in the security
> context of the domain the vulnerable copy of IMP is accessed through.
> This allows for mounting XSS attacks.
> 
> Reproducible: Always
> 
> Steps to Reproduce:
> POC:
> 
> [Base_HREF]/horde/imp/search.php?edit_query=%22%3E%3Cscript%3Ealert%28'XSS'%29%3C/script%3E%3Cx=%22
> 


i read now, about this bug in a security full disclosure that horde-imp-4.1.4 vuln too (now latest version in portage is 4.1.3)

Comment 2 Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev

2007-03-15 18:25:56 UTC

Vapier/webapps please advise.

Comment 3 Raphael Marichez (Falco) (RETIRED) gentoo-dev

2007-03-15 21:20:58 UTC

seems patched

Comment 4 Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev

2007-03-25 06:47:03 UTC

Patched upstream or in Portage?

Comment 5 SpanKY gentoo-dev

2007-05-05 06:57:38 UTC

*** Bug 170979 has been marked as a duplicate of this bug. ***

Comment 6 SpanKY gentoo-dev

2007-05-05 06:57:45 UTC

*** Bug 175518 has been marked as a duplicate of this bug. ***

Comment 7 SpanKY gentoo-dev

2007-05-05 06:59:46 UTC

horde-4.1.4 now in portage

Comment 8 Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev

2007-05-05 15:45:48 UTC

Arches please test and mark stable. Target keywords are:

horde-imp-4.1.4.ebuild:KEYWORDS="alpha amd64 hppa ppc sparc x86"

Comment 9 Andrej Kacian (RETIRED) gentoo-dev

2007-05-05 19:38:28 UTC

x86 happy

Comment 10 Jeroen Roovers (RETIRED) gentoo-dev

2007-05-07 04:54:37 UTC

Stable for HPPA.

Comment 11 Gustavo Zacarias (RETIRED) gentoo-dev

2007-05-07 12:33:36 UTC

sparc stable.

Comment 12 Tobias Scherbaum (RETIRED) gentoo-dev

2007-05-08 13:40:25 UTC

ppc stable

Comment 13 Jose Luis Rivero (yoswink) (RETIRED) gentoo-dev

2007-05-10 11:05:07 UTC

stable on alpha

Comment 14 Emanuele Gentili 2007-05-10 18:34:34 UTC

waiting "amd" and then pls vote for GLSA.

Comment 15 Steve Dibb (RETIRED) gentoo-dev

2007-05-11 15:09:02 UTC

amd64 stable

Comment 16 Emanuele Gentili 2007-05-12 11:36:21 UTC

Please vote for GLSA.

Comment 17 Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev

2007-05-14 18:14:25 UTC

I tend to vote NO.

Comment 18 Daniel Black (RETIRED) gentoo-dev

2007-05-15 01:43:37 UTC

i do vote no

Comment 19 Emanuele Gentili 2007-05-17 22:02:45 UTC

me too.., bug CLOSED