[pkg-horde] Bug#415117: imp4: XSS vulnerability in search screen and thread view

Lionel Elie Mamane lionel at mamane.lu
Fri Mar 16 08:33:26 CET 2007


Package: imp4
Version: 4.0.2-1
Severity: grave
Tags: security
Justification: security hole when package used

Upstream changelog of new version says:

This (..) fixes two cross site scripting vulnerabilities.

Major changes compared to the IMP H3 (4.1.4-RC1) version are:
    * Fixed XSS vulnerabilities in the search screen and thread view.

Sarge may or may not be vulnerable, I haven't checked yet.x




More information about the pkg-horde-hackers mailing list