URL:
<http://savannah.nongnu.org/bugs/?32013>
Summary: Improper escaping of certain HTML sequences (XSS)
Project: MHonArc
Submitted by: ehood
Submitted on: Thu 30 Dec 2010 02:04:54 PM CST
Category: MIME Filter
Severity: 6 - Security
Item Group: Undesired Behavior
Status: Confirmed
Privacy: Public
Assigned to: ehood
Open/Closed: Open
Discussion Lock: Any
Operating System: All
Perl Version: All
Component Version: 2.6.16
Fixed Release:
_______________________________________________________
Details:
Specially crafted HTML email message can allow scripting
content to make it past the default HTML MIME filter,
allowing for XSS-based attack on archive site.
References:
https://bugzilla.redhat.com/show_bug.cgi?id=664718
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=607693
_______________________________________________________