Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Tue, 7 Sep 2010 15:32:28 -0400 (EDT)
From: Josh Bressers <>
Cc: Moritz Naumann <>,
        "Steven M. Christey" <>
Subject: Re: CVE Request -- Horde v3.3.8 -- XSS in
 icon_browser.php due improper sanitization of 'subdir' URL parameter

Please use CVE-2010-3077



----- "Jan Lieskovsky" <> wrote:

> Hello Steve, vendors,
>    Moritz Naumann reported:
>    [1]
> a deficiency in the way Horde framework sanitized user-provided
> 'subdir' parameter, when composing final path to the image file.
> A remote, unauthenticated user could use this flaw to conduct
> cross-site scripting attacks (execute arbitrary HTML or scripting
> code) by providing a specially-crafted URL to the running
> Horde framework instance.
> Upstream patch:
>    [2]
> Sample public URL by Moritz to demonstrate the issue:
>    [3] [path_to_horde]/util/icon_browser.php?subdir=<body
> onload="alert('XSS')">&app=horde
> Could you allocate CVE id for this issue?
> Thanks && Regards, Jan.
> --
> Jan iankko Lieskovsky / Red Hat Security Response Team

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.