Vigil@nce: Horde, five vulnerabilities
October 2010 by Vigil@nce
This bulletin was written by Vigil@nce : http://vigilance.fr/
SYNTHESIS OF THE VULNERABILITY
An attacker can generate several Cross Site Scripting and a Cross
Site Request Forgery in Horde applications.
– Severity: 2/4
– Creation date: 28/09/2010
– Revision date: 29/09/2010
DESCRIPTION OF THE VULNERABILITY
Five vulnerabilities were announced in Horde.
An attacker can generate a Cross Site Scripting in
util/icon_browser.php. [severity:2/4; CVE-2010-3077]
An attacker can generate a Cross Site Scripting in the Fetchmail
configuration (fetchmailprefs.php). [severity:2/4; CVE-2010-3695]
An attacker can generate a Cross Site Scripting when mailbox names
are displayed. [severity:2/4; CVE-2010-3693]
An attacker can generate a Cross Site Scripting in the File
Viewer. [severity:2/4; CVE-2010-3447]
An attacker can generate a Cross Site Request Forgery.
[severity:2/4; BID-43515, CVE-2010-3694]
An attacker can therefore generate several Cross Site Scripting
and a Cross Site Request Forgery in Horde applications.
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/Horde-five-vulnerabilities-9982