Rechercher
Contactez-nous Suivez-nous sur Twitter En francais English Language
 

De la Théorie à la pratique





















Freely subscribe to our NEWSLETTER

Newsletter FR

Newsletter EN

Vulnérabilités

Unsubscribe

Vigil@nce: Horde, Cross Site Scripting

September 2008 by

SYNTHESIS

An attacker can generate two Cross Site Scripting in Horde products.

Gravity: 2/4

Consequences: client access/rights

Provenance: document

Means of attack: no proof of concept, no attack

Ability of attacker: expert (4/4)

Confidence: confirmed by the editor (5/5)

Diffusion of the vulnerable configuration: high (3/3)

Number of vulnerabilities in this bulletin: 2

Creation date: 10/09/2008

Identifier: VIGILANCE-VUL-8102

IMPACTED PRODUCTS

- Unix - plateform

DESCRIPTION

The Horde, Horde Groupware and Horde Groupware Webmail Edition products share the same source code and thus the same Cross Site Scripting vulnerabilities.

HTML messages are not correctly filtered, which can be used by an attacker for Cross Site Scripting attacks. [grav:2/4; CVE-2008-3824]

The MIME library does not correctly filter its output, which can be used by an attacker for Cross Site Scripting attacks. [grav:2/4; CVE-2008-3823]

CHARACTERISTICS

Identifiers: CVE-2008-3823, CVE-2008-3824, ocert-2008-012, VIGILANCE-VUL-8102

https://vigilance.aql.fr/tree/1/8102




See previous articles

    

See next articles