oss-sec mailing list archives

Re: CVE Request: Horde: Two cross-site scripting vulnerabilities


From: cve-assign () mitre org
Date: Sat, 6 Feb 2016 15:50:39 -0500 (EST)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Cross-site scripting in XSS in Horde_Core_VarRenderer_Html:
https://github.com/horde/horde/commit/11d74fa5a22fe626c5e5a010b703cd46a136f253
https://bugs.debian.org/813590

horde/framework/Core/lib/Horde/Core/Ui/VarRenderer/Html.php
_renderVarInput_number

Use CVE-2015-8807.


Reflected cross-site scripting
https://bugs.horde.org/ticket/14213
https://github.com/horde/horde/commit/f03301cf6edcca57121a15e80014c4d0f29d99a0
https://github.com/horde/horde/commit/ab07a1b447de34e13983b4d7ceb18b58c3a358d8
https://bugs.debian.org/813573

menu bar
horde/templates/topbar/_menubar.html.php

searchfield=[XSS]

Use CVE-2016-2228.

- -- 
CVE assignment team, MITRE CVE Numbering Authority
M/S M300
202 Burlington Road, Bedford, MA 01730 USA
[ PGP key available through http://cve.mitre.org/cve/request_id.html ]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
-----END PGP SIGNATURE-----

