[pkg-horde] Bug#383416: horde3: 3.0.11 fixes XSS issues is CVE-2006-4255/CVE-2006-4256

Stefan Fritsch sf at sfritsch.de
Sat Aug 26 20:49:32 UTC 2006


These issues have been assigned CVE-2006-4255/CVE-2006-4256:

CVE-2006-4255:
Cross-site scripting (XSS) vulnerability in horde/imp/search.php in
Horde IMP H3 before 4.1.3 allows remote attackers to include arbitrary
web script or HTML via multiple unspecified vectors related to folder
names, as injected into the vfolder_label form field in the IMP search
screen.

CVE-2006-4256:
index.php in Horde Application Framework before 3.1.2 allows remote
attackers to include web pages from other sites, which could be useful
for phishing attacks, via a URL in the url parameter, aka "cross-site
referencing." NOTE: some sources have referred to this issue as XSS,
but it is different than classic XSS.

Please mention the CVE-ids in the changelog.



