oss-sec mailing list archives
Re: CVE Request -- (Horde) IMP (prior v5.0.24-git): Obscure XSS issue when uploading attachments.
From: Kurt Seifried <kseifried () redhat com>
Date: Fri, 23 Nov 2012 11:36:57 -0700
On 11/23/2012 10:46 AM, Jan Lieskovsky wrote:
> Hello Kurt, Steve, vendors,
>
> Horde upstream within Horde Groupware Webmail Edition version 4.0.9 release
> corrected also one XSS issue in IMP:
> [1] http://lists.horde.org/archives/announce/2012/000840.html
>
> * Mail changes:
>   * Fixed obscure XSS issue when uploading attachments.
>
> Upstream patch:
> https://github.com/horde/horde/commit/1550c6ecd7204f9579fcbb09ec7089e01b0771e2
>
> References:
> https://github.com/horde/horde/blob/1550c6ecd7204f9579fcbb09ec7089e01b0771e2/imp/docs/CHANGES
>
> Could you allocate a CVE id for this?
>
> Thank you && Regards, Jan.
> --
> Jan iankko Lieskovsky / Red Hat Security Response Team
>
> P.S.: No Red Hat bugzilla entry available, since this issue did not affect
> versions of IMP, as shipped with Fedora / Fedora EPEL.
>
> P.S.#2: The other XSS from [1]:
>   Calendar changes:
>   * Fixed XSS issue in portal blocks.
> is already covered within my previous (Kronolith related) request.
Please use CVE-2012-5565 for this issue.

--
Kurt Seifried Red Hat Security Response Team (SRT)
PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993