0002369: Persistant XSS via calendar invitation. - SOGo

ID	Project	Category	View Status	Date Submitted	Last Update

0002369	SOGo	Web Calendar	public	2013-07-15 13:56	2013-07-16 15:32

Reporter	ispoljaric	Assigned To
Priority	normal	Severity	minor	Reproducibility	always
Status	closed	Resolution	fixed
Product Version	2.0.6
Fixed in Version	2.0.7

Summary	0002369: Persistant XSS via calendar invitation.
Description	XSS in location part of the event calendar, trough invitation.
Steps To Reproduce	Create a new event with following code(1) as location, and invite a Sogo user. (1) Whatever <script>alert('xss')\;</script> The code gets executed after clicking on calendar event.
Tags	No tags attached.

Date Modified	Username	Field	Change
2013-07-15 13:56	ispoljaric	New Issue
2013-07-16 15:32	ludovic	Note Added: 0005749
2013-07-16 15:32	ludovic	Status	new => closed
2013-07-16 15:32	ludovic	Resolution	open => fixed
2013-07-16 15:32	ludovic	Fixed in Version	=> 2.0.7

ludovic 2013-07-16 15:32 administrator ~0005749	https://github.com/inverse-inc/sogo/commit/e08ebd2390ad81bcf7d63c200de85eddbf80bcd6