oss-sec mailing list archives
Re: CVE request: Horde Gollem <1.1.2 XSS in view.php
From: Moritz Muehlenhoff <jmm () debian org>
Date: Thu, 30 Sep 2010 23:13:56 +0200
Hi Alex,
while there seem to be CVE IDs for most of the issues fixed in the latest Horde packages, I cannot find one for this issue:

From http://bugs.horde.org/ticket/9191:

"http://localhost/horde/gollem/view.php?actionID=view_file&type=txt&file=<script>alert("XSS")</script>&dir=../baddir/&driver=file
Vulnerable file : view.php (Line 32 - 46)"

Fixed in git (and released in 1.1.2):
http://lists.horde.org/archives/commits/2010-August/004747.html
http://lists.horde.org/archives/announce/2010/000565.html

There appear to be quite a few new issues related to Horde and related packages. AFAICT the issues mentioned below are also new and haven't been assigned CVE IDs?

Horde: http://lists.horde.org/archives/announce/2010/000568.html
Dimp (Dynamic Imp): http://lists.horde.org/archives/announce/2010/000561.html
Imp4: http://archives.neohapsis.com/archives/fulldisclosure/2010-09/0379.html

Cheers,
Moritz