[pkg-horde] Bug#500114: CVE-2008-4182: XSS in turba2
Stefan Fritsch
sf at sfritsch.de
Thu Sep 25 08:51:19 UTC 2008
Package: turba2
Version: 2.1.3-1
Severity: important
Tags: security
Hi,
the following CVE (Common Vulnerabilities & Exposures) id was
published for turba2.
CVE-2008-4182[0]:
| Cross-site scripting (XSS) vulnerability in imp/test.php in Horde
| Turba Contact Manager H3 2.2.1, and possibly other Horde Project
| products, allows remote attackers to inject arbitrary web script or
| HTML via the User field in an IMAP session.
If you fix the vulnerability please also make sure to include the
CVE id in your changelog entry.
For further information see:
[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4182
http://security-tracker.debian.net/tracker/CVE-2008-4182
More information about the pkg-horde-hackers
mailing list