View Issue Details

IDProjectCategoryView StatusLast Update
0002369SOGoWeb Calendarpublic2013-07-16 11:32
Reporterispoljaric Assigned To 
PrioritynormalSeverityminorReproducibilityalways
Status closedResolutionfixed 
Product Version2.0.6 
Fixed in Version2.0.7 
Summary0002369: Persistant XSS via calendar invitation.
Description

XSS in location part of the event calendar, trough invitation.

Steps To Reproduce

Create a new event with following code(1) as location, and invite a Sogo user.

(1) Whatever <script>alert('xss')\;</script>

The code gets executed after clicking on calendar event.

TagsNo tags attached.

Issue History

Date Modified Username Field Change
2013-07-15 09:56 ispoljaric New Issue
2013-07-16 11:32 ludovic Note Added: 0005749
2013-07-16 11:32 ludovic Status new => closed
2013-07-16 11:32 ludovic Resolution open => fixed
2013-07-16 11:32 ludovic Fixed in Version => 2.0.7