Hi,

On Sat, Apr 25, 2015 at 10:17:33PM +0200, Salvatore Bonaccorso wrote:
> David, CVE-2015-3011 is exploitable if a victim user tries to edit a
> specially crafted contact item which he has access to?

Indeed, I managed to craft a group name that allows JavaScript to be injected when editing the contact. The fix prevents such JavaScript from being executed.

On the other hand, I have not yet managed to figure out a PoC that allows sharing the crafted field with another user (but that's probably just me not being aware of all features: the upstream description is pretty clear about this attack vector. If the victim can only be the attacker, that would be pointless anyway…).

Regards

David