URL: <http://savannah.nongnu.org/bugs/?32013>
Summary: Improper escaping of certain HTML sequences (XSS)
Project: MHonArc
Submitted by: ehood
Submitted on: Thu 30 Dec 2010 02:04:54 PM CST
Category: MIME Filter
Severity: 6 - Security
Item Group: Undesired Behavior
Status: Confirmed
Privacy: Public
Assigned to: ehood
Open/Closed: Open
Discussion Lock: Any
Operating System: All
Perl Version: All
Component Version: 2.6.16
Fixed Release:

_______________________________________________________

Details:

A specially crafted HTML email message can allow scripting content to make it past the default HTML MIME filter, allowing for an XSS-based attack on the archive site.

References:
https://bugzilla.redhat.com/show_bug.cgi?id=664718
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=607693