Vigil@nce - Horde: Cross Site Scripting
September 2010 by Vigil@nce
This bulletin was written by Vigil@nce : http://vigilance.fr/
SYNTHESIS OF THE VULNERABILITY
An attacker can use a feature of the Horde Application Framework
in order to generate a Cross Site Scripting in Horde.
Severity: 2/4
Creation date: 07/09/2010
DESCRIPTION OF THE VULNERABILITY
The Horde Application Framework is a PHP framework providing
various services like compression, browser detection, MIME
handling, etc.
However, the page util/icon_browser.php of the framework does not
correctly checks data passed via URL. The "subdir" parameter can
therefore be used to run HTML code in the context of the browser.
An attacker can therefore use the icon_browser feature in order to
generate a Cross Site Scripting in Horde.
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/Horde-Cross-Site-Scripting-9906