Vigil@nce: Horde, Cross Site Scripting
September 2008 by
An attacker can generate two Cross Site Scripting in Horde products.
Consequences: client access/rights
Means of attack: no proof of concept, no attack
Ability of attacker: expert (4/4)
Confidence: confirmed by the editor (5/5)
Diffusion of the vulnerable configuration: high (3/3)
Number of vulnerabilities in this bulletin: 2
Creation date: 10/09/2008
Unix - plateform
The Horde, Horde Groupware and Horde Groupware Webmail Edition products share the same source code and thus the same Cross Site Scripting vulnerabilities.
HTML messages are not correctly filtered, which can be used by an attacker for Cross Site Scripting attacks. [grav:2/4; CVE-2008-3824]
The MIME library does not correctly filter its output, which can be used by an attacker for Cross Site Scripting attacks. [grav:2/4; CVE-2008-3823]
Identifiers: CVE-2008-3823, CVE-2008-3824, ocert-2008-012, VIGILANCE-VUL-8102