Bug#383416: horde3: 3.0.11 fixes XSS issues is CVE-2006-4255/CVE-2006-4256

2006-08-26 Thread Stefan Fritsch
These issues have been assigned CVE-2006-4255/CVE-2006-4256:

CVE-2006-4255:
Cross-site scripting (XSS) vulnerability in horde/imp/search.php in
Horde IMP H3 before 4.1.3 allows remote attackers to include arbitrary
web script or HTML via multiple unspecified vectors related to folder
names, as injected into the vfolder_label form field in the IMP search
screen.

CVE-2006-4256:
index.php in Horde Application Framework before 3.1.2 allows remote
attackers to include web pages from other sites, which could be useful
for phishing attacks, via a URL in the url parameter, aka cross-site
referencing. NOTE: some sources have referred to this issue as XSS,
but it is different than classic XSS.

Please mention the CVE-ids in the changelog.


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]



Bug#383416: [pkg-horde] Bug#383416: horde3: 3.0.11 fixes XSS issues

2006-08-23 Thread Ola Lundqvist
Hi

Thanks. This will be handled as soon as possible.

Regards,

// Ola

On Thu, Aug 17, 2006 at 03:51:26PM +1000, Geoff Crompton wrote:
> Package: horde3
> Severity: normal
>
> Horde 3.0.11 fixes some XSS issues, according to
> http://lists.horde.org/archives/announce/2006/000287.html
>
> This is being tracked at secfocus:
> http://www.securityfocus.com/bid/19544
>
> No CVE yet.
>
> -- System Information:
> Debian Release: 3.1
> Architecture: i386 (i686)
> Kernel: Linux 2.6.16-2-xen-686
> Locale: LANG=en_AU, LC_CTYPE=en_AU (charmap=ISO-8859-1)
>
>
> ___
> pkg-horde-hackers mailing list
> [EMAIL PROTECTED]
> http://lists.alioth.debian.org/mailman/listinfo/pkg-horde-hackers
>

-- 
 - Ola Lundqvist ---
/  [EMAIL PROTECTED] Annebergsslingan 37  \
|  [EMAIL PROTECTED] 654 65 KARLSTAD  |
|  +46 (0)54-10 14 30  +46 (0)70-332 1551   |
|  http://www.opal.dhs.org UIN/icq: 4912500 |
\  gpg/f.p.: 7090 A92B 18FE 7994 0C36  4FE4 18A1 B1CF 0FE5 3DD9 /
 ---





Bug#383416: horde3: 3.0.11 fixes XSS issues

2006-08-17 Thread Geoff Crompton
Package: horde3
Severity: normal

Horde 3.0.11 fixes some XSS issues, according to
http://lists.horde.org/archives/announce/2006/000287.html

This is being tracked at secfocus:
http://www.securityfocus.com/bid/19544

No CVE yet.

-- System Information:
Debian Release: 3.1
Architecture: i386 (i686)
Kernel: Linux 2.6.16-2-xen-686
Locale: LANG=en_AU, LC_CTYPE=en_AU (charmap=ISO-8859-1)

