CVE Request -- (Horde) IMP (prior v5.0.24-git): Obscure XSS issue when uploading attachments.
From: Jan Lieskovsky <jlieskov () redhat com>
Date: Fri, 23 Nov 2012 12:46:09 -0500 (EST)
Hello Kurt, Steve, vendors,

Horde upstream, within the Horde Groupware Webmail Edition version 4.0.9
release, also corrected one XSS issue in IMP:

  * Mail changes:
    * Fixed obscure XSS issue when uploading attachments.

Upstream patch: https://github.com/horde/horde/commit/1550c6ecd7204f9579fcbb09ec7089e01b0771e2

Could you allocate a CVE id for this?

Thank you && Regards, Jan.

Jan iankko Lieskovsky / Red Hat Security Response Team

P.S.: No Red Hat bugzilla entry available, since this issue did not
affect the versions of IMP shipped with Fedora / Fedora EPEL.

P.S.#2: The other XSS from :

    * Fixed XSS issue in portal blocks.

is already covered within my previous (Kronolith related) request.