mhonarc-dev
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

[bug #32013] Improper escaping of certain HTML sequences (XSS)

2010-12-30 14:04:22
from [Earl Hood] [Permanent Link] 

URL:
  <http://savannah.nongnu.org/bugs/?32013>

                 Summary: Improper escaping of certain HTML sequences (XSS) 
                 Project: MHonArc
            Submitted by: ehood
            Submitted on: Thu 30 Dec 2010 02:04:54 PM CST
                Category: MIME Filter
                Severity: 6 - Security
              Item Group: Undesired Behavior
                  Status: Confirmed
                 Privacy: Public
             Assigned to: ehood
             Open/Closed: Open
         Discussion Lock: Any
        Operating System: All
            Perl Version: All
       Component Version: 2.6.16
           Fixed Release: 

    _______________________________________________________

Details:

Specially crafted HTML email message can allow scripting
content to make it passed the default HTML MIME filter,
allowing for XSS-based attack on archive site.

References:
https://bugzilla.redhat.com/show_bug.cgi?id=664718
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=607693




    _______________________________________________________

Reply to this item at:

  <http://savannah.nongnu.org/bugs/?32013>

_______________________________________________
  Message sent via/by Savannah
  http://savannah.nongnu.org/

---------------------------------------------------------------------
To sign-off this list, send email to majordomo(_at_)mhonarc(_dot_)org with the
message text UNSUBSCRIBE MHONARC-DEV
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Next by Date:  [bug #26577] Changed semantic for unpack breaks UTF-8, Earl Hood
Next by Thread:  [bug #32013] CVE-2010-4524: Improper escaping of certain HTML sequences (XSS), Earl Hood
Indexes:  [Date] [Thread] [Top] [All Lists]