|
|
Subscribe / Log in / New account

horde: cross-site scripting

Package(s):horde CVE #(s):CVE-2010-3077 CVE-2010-3694
Created:November 5, 2010 Updated:July 18, 2011
Description: From the Red Hat bugzilla:

a deficiency in the way Horde framework sanitized user-provided 'subdir' parameter, when composing final path to the image file. A remote, unauthenticated user could use this flaw to conduct cross-site scripting attacks (execute arbitrary HTML or scripting code) by providing a specially-crafted URL to the running Horde framework instance.

Alerts:
Mageia MGASA-2012-0239 horde 2012-08-26
Debian DSA-2278-1 horde3 2011-07-16
Fedora FEDORA-2010-16555 horde 2010-10-21
Fedora FEDORA-2010-16525 horde 2010-10-20
Fedora FEDORA-2010-16592 horde 2010-10-21
to post comments


Copyright © 2025, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds