[pkg-horde] Bug#492578: horde3: Small XSS/unescaped output in services/obrowser/index.php
Gregory Colpart
reg at evolix.fr
Sun Jul 27 12:54:53 UTC 2008
Package: horde3
Version: 3.1.3-4etch3
Severity: important
Tags: patch security
Hello,
There is a small XSS/unescaped output (only exploitable by
someone who can create a contact, and requiring the victim to
have access to that contact).
Patch inline:
Index: services/obrowser/index.php
===================================================================
RCS file: /repository/horde/services/obrowser/index.php,v
retrieving revision 1.18
diff -u -r1.18 index.php
--- services/obrowser/index.php 2 Jan 2008 11:13:57 -0000 1.18
+++ services/obrowser/index.php 13 Jun 2008 21:37:43 -0000
@@ -92,10 +92,10 @@
if (!empty($values['browseable'])) {
$url = Horde::url($registry->get('webroot', 'horde') . '/services/obrowser/');
$url = Util::addParameter($url, 'path', $path);
- $row['name'] = Horde::link($url) . $values['name'] . '</a>';
+ $row['name'] = Horde::link($url) . htmlspecialchars($values['name']) . '</a>';
} else {
$js = "return chooseObject('" . addslashes($path) . "');";
- $row['name'] = Horde::link('#', sprintf(_("Choose %s"), $values['name']), '', '', $js) . $values['name'] . '</a>';
+ $row['name'] = Horde::link('#', sprintf(_("Choose %s"), $values['name']), '', '', $js) . htmlspecialchars($values['name']) . '</a>';
}
$rows[] = $row;
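Review bot: the two `+` lines escape `$values['name']` in the link text, but the second still hands the raw name to Horde::link as its title argument via `sprintf(_("Choose %s"), $values['name'])`; unless Horde::link HTML-escapes that parameter itself, the title attribute needs `htmlspecialchars()` as well, otherwise the same contact name reaches the page unescaped one argument earlier on the very line being fixed. Two smaller points on the same hunk: `htmlspecialchars()` is called without an explicit charset, which should match the page's output encoding, and the unchanged `$js = "return chooseObject('" . addslashes($path) . "');"` line relies on `addslashes()` for a JavaScript string inside an onclick attribute, which is not a JS escape (line breaks and `</` pass through), so `$path` deserves a proper JS-then-HTML escape in a follow-up.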
Regards,
--
Gregory Colpart <reg at evolix.fr> GnuPG:1024D/C1027A0E
Evolix - Informatique et Logiciels Libres http://www.evolix.fr/
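As an added illustration of the context-specific escaping the patch applies (example code written here, not part of the bug report or of Horde's own source), the snippet below renders the two kinds of contact-browser row with the user-controlled name escaped for each output context it lands in: link text, title attribute, and a JavaScript string inside an onclick attribute. The helper names, the renderer functions and the sample contact are constructed for the example.

```php
<?php
// Added example: escape a contact name for every HTML/JS context it is
// emitted into. Helpers (h, js_string) and renderers are hypothetical and
// not Horde APIs; the sample contact below is constructed.

/** Escape for HTML text content and for double- or single-quoted attributes. */
function h(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

/**
 * Escape for embedding as a JavaScript string literal. json_encode adds the
 * quotes and, with the HEX flags, leaves no <, >, &, ' or " in the output,
 * so the result is also safe to place inside an HTML attribute after h().
 */
function js_string(string $s): string
{
    return json_encode(
        $s,
        JSON_HEX_TAG | JSON_HEX_APOS | JSON_HEX_QUOT | JSON_HEX_AMP
        | JSON_INVALID_UTF8_SUBSTITUTE
    );
}

/** Browseable row: the name appears only as link text. */
function render_browseable_row(string $url, string $name): string
{
    return '<a href="' . h($url) . '">' . h($name) . '</a>';
}

/**
 * Choosable row: the name appears as link text AND in the title attribute,
 * and the path is embedded in a JS string in the onclick handler, so each
 * value is escaped for the context it is written into.
 */
function render_choosable_row(string $path, string $name): string
{
    $js = 'return chooseObject(' . js_string($path) . ');';
    return '<a href="#" title="' . h(sprintf('Choose %s', $name)) . '"'
        . ' onclick="' . h($js) . '">' . h($name) . '</a>';
}

// Constructed contact name and path containing one character from each
// class that matters: quotes, angle brackets and an ampersand.
$name = "O'Brien <b>&</b> \"Jr.\"";
$path = "contacts/o'brien/<x>";

echo render_browseable_row('/horde/services/obrowser/?path=' . rawurlencode($path), $name), "\n";
echo render_choosable_row($path, $name), "\n";
```

Escaping is applied at the point of output and chosen per context: `h()` for text and attributes, `js_string()` then `h()` for a JS literal inside an attribute. Escaping once with `addslashes()` or a single `htmlspecialchars()` call cannot cover both contexts at the same time.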