Bug#512592: CVE-2008-5917: Cross-site scripting (XSS) vulnerability in the XSS filter

Raphael Geissert Wed, 21 Jan 2009 17:21:39 -0800

Package: horde3
Version: 3.2.2+debian0-1
Severity: important
Tags: security patch


Hi,

The following CVE (Common Vulnerabilities & Exposures) id was published for 
horde3.

CVE-2008-5917[1]:
> Cross-site scripting (XSS) vulnerability in the XSS filter
> (framework/Text_Filter/Filter/xss.php) in Horde Application Framework 3.2.2
> and 3.3, when Internet Explorer is being used, allows remote attackers to
> inject arbitrary web script or HTML via unknown vectors related to style
> attributes.

The changes made by upstream to fix this bug are available at [2].

[1] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5917
     http://security-tracker.debian.net/tracker/CVE-2008-5917
[2]http://cvs.horde.org/diff.php/framework/Text_Filter/Filter/xss.php?r1=1.17&r2=1.18

Cheers,
-- 
Raphael Geissert - Debian Maintainer
www.debian.org - get.debian.net

signature.asc
Description: This is a digitally signed message part.

Bug#512592: CVE-2008-5917: Cross-site scripting (XSS) vulnerability in the XSS filter

Reply via email to