From 6fe8f381c059843519798b252b9e68598827b81e Mon Sep 17 00:00:00 2001 From: Martin Wilke Date: Thu, 11 Sep 2008 11:45:37 +0000 Subject: - Document horde -- multiple vulnerabilities Approved by: portmgr (secteam blanked) --- security/vuxml/vuln.xml | 38 ++++++++++++++++++++++++++++++++++++++ 1 file changed, 38 insertions(+) (limited to 'security/vuxml/vuln.xml') diff --git a/security/vuxml/vuln.xml b/security/vuxml/vuln.xml index b5c604db64a5..1d583cfff854 100644 --- a/security/vuxml/vuln.xml +++ b/security/vuxml/vuln.xml @@ -34,6 +34,44 @@ Note: Please add new entries to the beginning of this file. --> + + horde -- multiple vulnerabilities + + + horde-base + 3.2.2 + + + + +

secunia reports:

+
Some vulnerabilities have been reported in various Horde products, + which can be exploited by malicious people to conduct script insertion + attacks
+
Input via MIME attachment linking is not properly sanitised in the + MIME library before being used. This can be exploited to execute + arbitrary HTML and script code in a user's browser session if e.g. a + malicious email is viewed.
+
Certain unspecified input in HTML messages is not properly + sanitised before being used. This can be exploited to execute + arbitrary HTML and script in a user's browser session if e.g. a + malicious HTML email is viewed.
+

+ + + + CVE-2008-3823 + CVE-2008-3824 + http://lists.horde.org/archives/announce/2008/000429.html + http://secunia.com/advisories/31842/ + + + 2008-09-10 + 2008-09-11 + + + python -- multiple vulnerabilities -- cgit v1.2.3