URL:
<http://savannah.gnu.org/bugs/?func=detailitem&item_id=13863>
Summary: Main screen message allows for potential security
risk
Project: phpGroupWare
Submitted by: None
Submitted on: Wed 07/20/2005 at 10:36
Category: None
Item Group: 0.9.16.000 release
Severity: 3 - Normal
Priority: 5 - Normal
Status: None
Privacy: Public
Assigned to: None
Open/Closed: Open
Component Version: None
Platform Version: GNU/Linux - RedHat/Fedora
Reproducibility: Every Time
Planned Release: None
Fixed Release:
_______________________________________________________
Details:
When editing the main screen message from the admin pages, it appears to be
possible to include *any* HTML that you like, which means that this could
potentially be abused, either with javascript or other code embedded in the
message.
_______________________________________________________
Reply to this item at:
<http://savannah.gnu.org/bugs/?func=detailitem&item_id=13863>
_______________________________________________
Message sent via/by Savannah
http://savannah.gnu.org/
_______________________________________________
Phpgroupware-tracker mailing list
[email protected]
http://lists.gnu.org/mailman/listinfo/phpgroupware-tracker
