oss-sec mailing list archives
Re: horde webmail edition < 1.1.1
From: Tomas Hoger <thoger () redhat com>
Date: Wed, 13 Aug 2008 13:37:40 +0200
On Wed, 13 Aug 2008 12:31:03 +0200 Nico Golde <oss-security+ml () ngolde de> wrote:
> Multiple unspecified vulnerabilities in Horde Groupware Webmail before Edition 1.1.1 (final) have unknown impact and attack vectors related to "unescaped output," possibly cross-site scripting (XSS), in the (1) object browser and (2) contact view.
>
> This should be a duplicate of CVE-2008-3330.

Actually, (1) is covered by CVE-2008-3330, (2) probably never got an id. Bit more info on (2) here:

https://bugzilla.redhat.com/show_bug.cgi?id=452549

Steven, can you please correct CVE description. Thanks!

--
Tomas Hoger / Red Hat Security Response Team