=================== BUG #3128: FULL BUG SNAPSHOT ===================
http://savannah.nongnu.org/bugs/?func=detailbug&bug_id=3128&group_id=1968
Submitted by:      ehood                 Project:       MHonArc
Submitted on:      Sat 04/05/2003 at 17:54
Category:          MIME Filter           Severity:      5 - Major
Bug Group:         Security              Resolution:    None
Assigned to:       None                  Status:        Open
Platform Version:  All                   Perl Version:  All
Component Version: <=2.6.2               Fixed Release:
Summary: XSS Vulnerabilities
Original Submission: Copied from private message:
The following constructs all came out as working javascript or SSI
directives after I installed mhonarc v2.6.2 and ran them through
mhonarc -single:
<!-<link>-#exec foo -->
<img src=foo onerror="alert(1)">
<img lowsrc="javas
cript:alert(2)">
<img lowsrc="javas	cript:alert(3)">
No Followups Have Been Posted
CC list is empty
No files currently attached
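A regression check for the three classes of construct listed in the report, as an added example (not MHonArc code, and not from the reporter): it audits a filter's HTML output for SSI-style comments, event-handler attributes, and URL attributes whose scheme falls outside an allowlist once the tab and newline characters that URL parsing ignores are dropped. The names audit, url_scheme, URL_ATTRS, SAFE_SCHEMES and SAMPLE, and the allowlist itself, are assumptions made for illustration.

```python
import re
from html.parser import HTMLParser

# Attributes whose value is fetched as a URL; lowsrc is the one in the report.
URL_ATTRS = {"src", "lowsrc", "href", "background", "action"}
# Assumed allowlist for a mail archive; adjust to local policy.
SAFE_SCHEMES = {"http", "https", "mailto", "cid"}
C0_AND_SPACE = "".join(chr(c) for c in range(0x21))

def url_scheme(value):
    """Scheme as a URL parser sees it, or None for a relative reference."""
    # URL parsing drops every tab/CR/LF and leading control chars or spaces,
    # so "javas<TAB>cript:" and "javas<LF>cript:" both resolve to javascript:.
    cleaned = re.sub(r"[\t\r\n]", "", value).lstrip(C0_AND_SPACE)
    m = re.match(r"([A-Za-z][A-Za-z0-9+.\-]*):", cleaned)
    return m.group(1).lower() if m else None

class _Audit(HTMLParser):
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.findings = []

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            if name.startswith("on"):  # onerror, onload, ...
                self.findings.append(("event-handler", f"{tag} {name}"))
            elif name in URL_ATTRS and value is not None:
                scheme = url_scheme(value)
                if scheme is not None and scheme not in SAFE_SCHEMES:
                    self.findings.append(("url-scheme", f"{tag} {name} {scheme}"))

    def handle_comment(self, data):
        # A server-side include is a comment whose body starts with '#'.
        if data.startswith("#"):
            self.findings.append(("ssi-directive", data.strip()))

def audit(html):
    """Return (kind, detail) findings for one piece of filter output."""
    parser = _Audit()
    parser.feed(html)
    parser.close()
    return parser.findings

# Constructed sample of filter output, modelled on the report's third item.
SAMPLE = '<img lowsrc="javas\ncript:alert(2)">'

if __name__ == "__main__":
    print(audit(SAMPLE))
```

Run audit over the archive page a filter produces for each test message; an empty list means none of the three classes survived.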