URL:
<http://savannah.nongnu.org/bugs/?32080>
Summary: Specially crafted <base href> can lead to XSS
exploit
Project: MHonArc
Submitted by: ehood
Submitted on: Sun 09 Jan 2011 02:46:00 AM CST
Category: MIME Filter
Severity: 6 - Security
Priority: 7 - High
Item Group: Security
Status: Confirmed
Privacy: Public
Assigned to: None
Open/Closed: Open
Discussion Lock: Any
Operating System: All
Perl Version: All
Component Version: <=2.6.16
Fixed Release: 2.6.17
_______________________________________________________
Details:
If HTML filtering has not been disabled, and if using mhonarc's
mhtxthtml.pl filter to filter HTML data, a specially crafted
<base href> tag in the HTML can be lead to an XSS exploit
of the web archive site.
_______________________________________________________
Reply to this item at:
<http://savannah.nongnu.org/bugs/?32080>
_______________________________________________
Message sent via/by Savannah
http://savannah.nongnu.org/
---------------------------------------------------------------------
To sign-off this list, send email to majordomo(_at_)mhonarc(_dot_)org with the
message text UNSUBSCRIBE MHONARC-DEV