From: ulfh at update.uu.se (Ulf Harnhammar)
Subject: kmMail XSS

kmMail XSS

* kmMail is an open-sourced web-based mail client, based on Keftamail.

* kmMail version 1.0b has got a cross-site scripting bug when viewing HTML e-mail messages. It filters out bad HTML elements, but not good HTML elements with bad HTML attributes like this one:

<b onMouseOver="alert(document.location)">bolder</b>

* kmMail version 1.0b.1 doesn't have this problem.

* Therefore any kmMail users out there should upgrade.

// Ulf Harnhammar
VSU Security
ulfh@...ate.uu.se
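The gap described in the advisory, as an added example that is not part of the original post and is not kmMail's code: a Python sanitizer that can run with an element allowlist only (the behaviour the advisory describes) or with a per-element attribute allowlist as well. The tag, attribute and URL-scheme lists are assumptions made for illustration.

```python
from html import escape
from html.parser import HTMLParser

# Assumed allowlists for illustration; kmMail's real filter lists are not on the page.
ALLOWED_TAGS = {"b", "i", "u", "p", "br", "a"}
ALLOWED_ATTRS = {"a": {"href"}}
SAFE_SCHEMES = ("http://", "https://", "mailto:")


class MailSanitizer(HTMLParser):
    """Rebuilds HTML from parser events, keeping only allowlisted markup."""

    def __init__(self, filter_attrs):
        super().__init__(convert_charrefs=True)
        self.filter_attrs = filter_attrs
        self.out = []

    def handle_starttag(self, tag, attrs):
        if tag not in ALLOWED_TAGS:
            return  # tag is dropped; any text inside it is still escaped and kept
        kept = []
        for name, value in attrs:  # the parser lowercases attribute names
            value = value or ""
            if self.filter_attrs:
                if name not in ALLOWED_ATTRS.get(tag, set()):
                    continue  # event handlers, style, etc. are not allowlisted
                if name == "href" and not value.strip().lower().startswith(SAFE_SCHEMES):
                    continue  # only allowlisted URL schemes survive
            kept.append(f' {name}="{escape(value, quote=True)}"')
        self.out.append(f"<{tag}{''.join(kept)}>")

    def handle_endtag(self, tag):
        if tag in ALLOWED_TAGS and tag != "br":
            self.out.append(f"</{tag}>")

    def handle_data(self, data):
        self.out.append(escape(data, quote=False))


def sanitize(html, filter_attrs=True):
    parser = MailSanitizer(filter_attrs)
    parser.feed(html)
    parser.close()
    return "".join(parser.out)


SAMPLE = '<b onMouseOver="alert(document.location)">bolder</b>'  # from the advisory
```

With `filter_attrs=False` the sample keeps its event handler because `<b>` is an allowed element; with the default it is reduced to `<b>bolder</b>`.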