
oss-sec mailing list archives

Re: CVE request: Horde Gollem <1.1.2 XSS in view.php
From: Josh Bressers <bressers () redhat com>
Date: Fri, 1 Oct 2010 16:05:12 -0400 (EDT)


----- "Alex Legler" <a3li () gentoo org> wrote:

Horde:
http://lists.horde.org/archives/announce/2010/000568.html


From that link:
    * Fixed an XSS vulnerability in util/icon_browser.php.

CVE-2010-3077. Also fixed in Horde Application Framework 3.3.9.

    * Fixed an XSS vulnerability in the Fetchmail configuration.

CVE n/a. Also fixed in Horde IMP 4.3.8
Reference:
http://git.horde.org/diff.php/imp/fetchmailprefs.php?rt=horde&r1=1.39.4.10&r2=1.39.4.11

CVE-2010-3695



    * Fixed an XSS vulnerability when showing mailbox names.

CVE n/a. Also fixed in Horde DIMP 1.1.5
Reference: http://bugs.horde.org/ticket/9240

CVE-2010-3693



    * Protected preference forms against CSRF attacks.

CVE n/a. Also fixed in Horde Application Framework 3.3.9.
Reference: http://secunia.com/advisories/39860

CVE-2010-3694


I think this is everything else. Let me know if I've missed something.

Thanks.

-- 
    JB

