oss-sec mailing list archives
CVE request: Horde Gollem <1.1.2 XSS in view.php
From: Alex Legler <a3li () gentoo org>
Date: Wed, 29 Sep 2010 21:20:10 +0200
Hi, while there seem to be CVE IDs for most of the issues fixed in the latest Horde packages, I cannot find one for this issue:
From http://bugs.horde.org/ticket/9191:
"http://localhost/horde/gollem/view.php?actionID=view_file&type=txt&file=<script>alert("XSS")</script>&dir=../baddir/&driver=file Vulnerable file : view.php (Line 32 - 46)" Fixed in git (and released in 1.1.2): http://lists.horde.org/archives/commits/2010-August/004747.html http://lists.horde.org/archives/announce/2010/000565.html Thanks, Alex -- Alex Legler <a3li () gentoo org> Gentoo Security/Ruby
Attachment:
signature.asc
Description:
Current thread:
- CVE request: Horde Gollem <1.1.2 XSS in view.php Alex Legler (Sep 29)
- Re: CVE request: Horde Gollem <1.1.2 XSS in view.php Josh Bressers (Sep 30)
- Re: CVE request: Horde Gollem <1.1.2 XSS in view.php Moritz Muehlenhoff (Sep 30)
- Re: CVE request: Horde Gollem <1.1.2 XSS in view.php Alex Legler (Sep 30)