Vigil@nce: Horde, two Cross Site Scripting
December 2009 by Vigil@nce
SYNTHESIS OF THE VULNERABILITY
An attacker can use two Cross Site Scripting in Horde products, in
order to execute JavaScript code in the context of the web site.
Severity: 2/4
Consequences: client access/rights
Provenance: document
Means of attack: 1 attack
Ability of attacker: technician (2/4)
Confidence: confirmed by the editor (5/5)
Diffusion of the vulnerable configuration: high (3/3)
Number of vulnerabilities in this bulletin: 2
Creation date: 16/12/2009
Revision date: 17/12/2009
IMPACTED PRODUCTS
– Unix - plateform
DESCRIPTION OF THE VULNERABILITY
Two Cross Site Scripting were announced in Horde.
The phpshell.php, cmdshell.php and sqlshell.php administration
pages do not correctly filter the PHP_SELF variable. [grav:2/4;
BID-37351, CVE-2009-3701]
When HTML messages are displayed, Horde filter them in order to
prevent Cross Site Scripting. However, this filter is not
sufficient for Firefox users. [grav:2/4; CVE-2009-4363]
An attacker can therefore execute JavaScript code in the context
of the web site.
CHARACTERISTICS
Identifiers: BID-37351, CVE-2009-3701, CVE-2009-4363,
VIGILANCE-VUL-9296
http://vigilance.fr/vulnerability/Horde-two-Cross-Site-Scripting-9296