oss-sec mailing list archives
Re: CVE Request -- MHonArc: Improper escaping of certain HTML sequences (XSS)
From: Josh Bressers <bressers () redhat com>
Date: Tue, 21 Dec 2010 19:53:51 -0500 (EST)
Please use CVE-2010-4524 Thanks. -- JB ----- Original Message -----
Hello Steve, vendors, MHonArc, a Perl mail-to-HTML converter, failed to properly escape certain HTML sequences. A remote attacker could provide a specially-crafted email message and trick the local user to convert it into HTML format. Subsequent preview of such message might potentially execute arbitrary HTML or scripting code (XSS). References: [1] http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=607693 [2] https://bugzilla.redhat.com/show_bug.cgi?id=664718 Public PoC: [3] http://bugs.debian.org/cgi-bin/bugreport.cgi?msg=5;filename=elsatest.mbox;att=1;bug=607693 Further issue note: ------------------- MHonArc properly escapes for example: <script>alert("elsa");</script> => <script>alert("elsa");</script> But fails to do the same example for a string in the form of: <scr<body>ipt>alert("elsa");</scr<body>ipt> => <script>alert("elsa");</script> Affected versions: Issue confirmed in latest MHonArc-2.6.16 version Could you allocate a CVE id for this issue? Thanks && Regards, Jan. -- Jan iankko Lieskovsky / Red Hat Security Response Team
Current thread:
- CVE Request -- MHonArc: Improper escaping of certain HTML sequences (XSS) Jan Lieskovsky (Dec 21)
- Re: CVE Request -- MHonArc: Improper escaping of certain HTML sequences (XSS) Earl Hood (Dec 21)
- Re: CVE Request -- MHonArc: Improper escaping of certain HTML sequences (XSS) Raphael Geissert (Dec 22)
- Re: CVE Request -- MHonArc: Improper escaping of certain HTML sequences (XSS) Jeff Breidenbach (Dec 30)
- Re: CVE Request -- MHonArc: Improper escaping of certain HTML sequences (XSS) Josh Bressers (Dec 21)
- Re: CVE Request -- MHonArc: Improper escaping of certain HTML sequences (XSS) Earl Hood (Dec 21)