mhonarc-dev

[bug #32080] Specially crafted <base href> can lead to XSS exploit

2011-01-09 02:44:56

URL:
  <http://savannah.nongnu.org/bugs/?32080>

                 Summary: Specially crafted <base href> can lead to XSS
exploit
                 Project: MHonArc
            Submitted by: ehood
            Submitted on: Sun 09 Jan 2011 02:46:00 AM CST
                Category: MIME Filter
                Severity: 6 - Security
                Priority: 7 - High
              Item Group: Security
                  Status: Confirmed
                 Privacy: Public
             Assigned to: None
             Open/Closed: Open
         Discussion Lock: Any
        Operating System: All
            Perl Version: All
       Component Version: <=2.6.16
           Fixed Release: 2.6.17

    _______________________________________________________

Details:

If HTML filtering has not been disabled, and if using mhonarc's
mhtxthtml.pl filter to filter HTML data, a specially crafted
<base href> tag in the HTML can be lead to an XSS exploit
of the web archive site.




    _______________________________________________________

Reply to this item at:

  <http://savannah.nongnu.org/bugs/?32080>

_______________________________________________
  Message sent via/by Savannah
  http://savannah.nongnu.org/

---------------------------------------------------------------------
To sign-off this list, send email to majordomo(_at_)mhonarc(_dot_)org with the
message text UNSUBSCRIBE MHONARC-DEV

<Prev in Thread] Current Thread [Next in Thread>