oss-sec mailing list archives

Re: CVE id request: horde3/turba2

From: "Steven M. Christey" <coley () linus mitre org>
Date: Sun, 27 Jul 2008 17:57:05 -0400 (EDT)


======================================================
Name: CVE-2008-3330
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3330
Reference: CONFIRM:http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=492578

Cross-site scripting (XSS) vulnerability in
services/obrowser/index.php in Horde 3.2 and Turba 2.2 allows remote
attackers to inject arbitrary web script or HTML via the contact name.

Current thread:

CVE id request: horde3/turba2 Nico Golde (Jul 27)
- Re: CVE id request: horde3/turba2 Steven M. Christey (Jul 27)
  - Re: CVE id request: horde3/turba2 Tomas Hoger (Jul 28)
    - Re: CVE id request: horde3/turba2 Nico Golde (Jul 28)
    - Re: CVE id request: horde3/turba2 Steven M. Christey (Jul 28)