On Fri, 2006-12-08 at 10:02 -0300, Alex de Oliveira Silva wrote:
> 1) The application allows users to send messages via HTTP requests
> without performing any validity checks to verify the request. This can
> be exploited to send messages to arbitrary users by e.g. tricking a
> target user into visiting a malicious website.
>
> 2) Input passed to the form field "Message body" in privmsg.php is not
> properly sanitised before it is returned to the user when sending
> messages to a non-existent user. This can be exploited to execute
> arbitrary HTML and script code in a user's browser session in context
> of an affected site.

Thank you for your report. I will wait a small bit to see whether and how upstream responds to this.

Thijs
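The two issues in the quoted report correspond to two server-side checks: a per-session form token on the send request, and output encoding where the message body is redisplayed for a non-existent recipient. The sketch below is an added example, not the application's code or upstream's fix; the function names, the field names (`to`, `body`, `csrf`) and the user list are hypothetical.

```php
<?php
declare(strict_types=1);
// Added illustration with a hypothetical handler; not the application's privmsg.php.

/** Issue (or reuse) a per-session anti-CSRF token to embed in the send form. */
function csrf_token(array &$session): string
{
    if (!isset($session['csrf'])) {
        $session['csrf'] = bin2hex(random_bytes(32));
    }
    return $session['csrf'];
}

/** Issue 1: accept the state-changing request only if it carries the session's token. */
function csrf_valid(array $session, array $post): bool
{
    return isset($session['csrf'], $post['csrf'])
        && is_string($post['csrf'])
        && hash_equals($session['csrf'], $post['csrf']);
}

/** Issue 2: encode user input before it is written back into HTML. */
function h(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

/** Returns the HTML for a send attempt. $users is a constructed user list. */
function send_message(array $session, array $post, array $users): string
{
    if (!csrf_valid($session, $post)) {
        return '<p>Request rejected: invalid form token.</p>';
    }
    $to   = is_string($post['to'] ?? null) ? $post['to'] : '';
    $body = is_string($post['body'] ?? null) ? $post['body'] : '';
    if (!in_array($to, $users, true)) {
        // Error path from issue 2: the form is redisplayed with the submitted body.
        return '<p>No such user: ' . h($to) . '</p>'
             . '<textarea name="body">' . h($body) . '</textarea>';
    }
    return '<p>Message sent to ' . h($to) . '.</p>';
}

// Constructed sample input.
$session = [];
$token   = csrf_token($session);
$users   = ['alice', 'bob'];
$body    = '</textarea><script>alert(1)</script>';
echo send_message($session, ['to' => 'alice', 'body' => 'hi'], $users), "\n"; // no token
echo send_message($session, ['to' => 'nobody', 'body' => $body, 'csrf' => $token], $users), "\n";
```

The first call is rejected because the request carries no token; the second returns the error form with the body entity-encoded, so the markup is displayed as text rather than interpreted.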

