Hello,
Here is a little "ping" to know if you intend to fix this
security issue[*] open since July 2007.
[*] http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=434045
Regards,
On Sun, Jul 22, 2007 at 09:06:48AM +0200, Gregory Colpart wrote:
> Hello,
>
> The package horde3 has an XSS vulnerability
Hi
What the attacker can do is the following:
* Set up a fake site.
* Trick some user to go to that site.
* Redirect the user to the real site and inject some fake login code or
similar.
There is proof on SecurityFocus that it is possible:
[Base_HREF]/horde/[Horde_App]/login.php?new_lang=%22
Hello,
The package horde3 has an XSS vulnerability (See CVE-2007-1473 and bug #434045).
Affected versions are:
- sarge version (3.0.4-4sarge4)
- etch version (3.1.3-4)
- testing/unstable version (3.1.3-5)
Upstream patch is trivial
(http://bugs.horde.org/ticket/?id=4816):
8<-