Date: Fri, 23 Nov 2012 12:46:09 -0500 (EST) From: Jan Lieskovsky <jlieskov@...hat.com> To: oss-security@...ts.openwall.com Cc: "Steven M. Christey" <coley@...us.mitre.org>, security@...de.org Subject: CVE Request -- (Horde) IMP (prior v5.0.24-git): Obscure XSS issue when uploading attachments. Hello Kurt, Steve, vendors, Horde upstream within Horde Groupware Webmail Edition version 4.0.9 release corrected also one XSS issue in IMP:  http://lists.horde.org/archives/announce/2012/000840.html * Mail changes: * Fixed obscure XSS issue when uploading attachments. Upstream patch: https://github.com/horde/horde/commit/1550c6ecd7204f9579fcbb09ec7089e01b0771e2 References: https://github.com/horde/horde/blob/1550c6ecd7204f9579fcbb09ec7089e01b0771e2/imp/docs/CHANGES Could you allocate a CVE id for this? Thank you && Regards, Jan. -- Jan iankko Lieskovsky / Red Hat Security Response Team P.S.: No Red Hat bugzilla entry available, since this issue did not affect versions of IMP, as shipped with Fedora / Fedora EPEL. P.S.#2: The other XSS from : Calendar changes: * Fixed XSS issue in portal blocks. is already covered within my previous (Kronolith related) request.
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.