Date: Tue, 21 Dec 2010 15:02:23 +0100 From: Jan Lieskovsky <jlieskov@...hat.com> To: "Steven M. Christey" <coley@...us.mitre.org> CC: oss-security <oss-security@...ts.openwall.com>, Earl Hood <earl@...lhood.com>, "non customers" <non-customers@...ramail.com> Subject: CVE Request -- MHonArc: Improper escaping of certain HTML sequences (XSS) Hello Steve, vendors, MHonArc, a Perl mail-to-HTML converter, failed to properly escape certain HTML sequences. A remote attacker could provide a specially-crafted email message and trick the local user to convert it into HTML format. Subsequent preview of such message might potentially execute arbitrary HTML or scripting code (XSS). References:  http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=607693  https://bugzilla.redhat.com/show_bug.cgi?id=664718 Public PoC:  http://bugs.debian.org/cgi-bin/bugreport.cgi?msg=5;filename=elsatest.mbox;att=1;bug=607693 Further issue note: ------------------- MHonArc properly escapes for example: <script>alert("elsa");</script> => <script>alert("elsa");</script> But fails to do the same example for a string in the form of: <scr<body>ipt>alert("elsa");</scr<body>ipt> => <script>alert("elsa");</script> Affected versions: Issue confirmed in latest MHonArc-2.6.16 version Could you allocate a CVE id for this issue? Thanks && Regards, Jan. -- Jan iankko Lieskovsky / Red Hat Security Response Team
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ