Hi, a CVE id has been assigned to this issue: ====================================================== Name: CVE-2008-3330 Status: Candidate URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3330 Reference: CONFIRM:http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=492578
Cross-site scripting (XSS) vulnerability in services/obrowser/index.php in Horde 3.2 and Turba 2.2 allows remote attackers to inject arbitrary web script or HTML via the contact name. Cheers Nico -- Nico Golde - http://www.ngolde.de - [EMAIL PROTECTED] - GPG: 0x73647CFF For security reasons, all text in this mail is double-rot13 encrypted.
pgpf3kWErF40S.pgp
Description: PGP signature
