[mms] SECURITY: Fix XSS in displaying mailbox name in dynamic mailbox…

… view (João Machado <geral@jpaulo.eu>). Severity: low (requires a separate attack vector to store the XSS code as a mailbox name on the IMAP server)
horde · Mar 13, 2014 · 2f1f4b1 · 2f1f4b1
1 parent 88f612c
commit 2f1f4b1
Show file tree

Hide file tree

Showing 3 changed files with 5 additions and 3 deletions.
diff --git a/imp/docs/CHANGES b/imp/docs/CHANGES
@@ -2,6 +2,8 @@
 v6.1.8-git
 ----------
 
+[mms] SECURITY: Fix XSS in displaying mailbox name in dynamic mailbox view
+      (João Machado <geral@jpaulo.eu>).
 
 
 ------

diff --git a/imp/js/dimpbase.js b/imp/js/dimpbase.js
@@ -2005,7 +2005,7 @@ var DimpBase = {
             text += ' (' + this.messageCountText(rows) + ')';
         }
 
-        $('mailboxName').update(text);
+        $('mailboxName').update(text.escapeHTML());
     },
 
     // m = (string|Element) Mailbox element.

diff --git a/imp/package.xml b/imp/package.xml
@@ -33,7 +33,7 @@
  </stability>
  <license uri="http://www.horde.org/licenses/gpl">GPL-2.0</license>
  <notes>
-* 
+* [mms] SECURITY: Fix XSS in displaying mailbox name in dynamic mailbox view (João Machado &lt;geral@jpaulo.eu&gt;).
  </notes>
  <contents>
   <dir baseinstalldir="/" name="/">
@@ -3343,7 +3343,7 @@
    <date>2014-03-07</date>
    <license uri="http://www.horde.org/licenses/gpl">GPL-2.0</license>
    <notes>
-* 
+* [mms] SECURITY: Fix XSS in displaying mailbox name in dynamic mailbox view (João Machado &lt;geral@jpaulo.eu&gt;).
    </notes>
   </release>
  </changelog>