oss-sec mailing list archives
Re: horde webmail edition < 1.1.1
From: Nico Golde <oss-security+ml () ngolde de>
Date: Wed, 13 Aug 2008 14:00:03 +0200
Hi Tomas,
* Tomas Hoger <thoger () redhat com> [2008-08-13 13:50]:
> On Wed, 13 Aug 2008 12:31:03 +0200 Nico Golde <oss-security+ml () ngolde de> wrote:
> > > Multiple unspecified vulnerabilities in Horde Groupware Webmail
> > > before Edition 1.1.1 (final) have unknown impact and attack vectors
> > > related to "unescaped output," possibly cross-site scripting (XSS),
> > > in the (1) object browser and (2) contact view.
> >
> > This should be a duplicate of CVE-2008-3330.
>
> Actually, (1) is covered by CVE-2008-3330, (2) probably never got an id.
> Bit more info on (2) here:
> https://bugzilla.redhat.com/show_bug.cgi?id=452549
>
> Steven, can you please correct CVE description. Thanks!

Hmm, actually I thought this would have been added after my post on:
http://www.openwall.com/lists/oss-security/2008/07/28/3
which already mentions this.

Kind regards
Nico
--
Nico Golde - http://www.ngolde.de - nion () jabber ccc de - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.