[pkg-horde] Bug#500553: CVE-2008-4182: XSS in imp4

Steffen Joeris steffen.joeris at skolelinux.de
Mon Sep 29 10:00:13 UTC 2008

Package: imp4
Severity: important
Tags: security, patch

the following CVE (Common Vulnerabilities & Exposures) id was
published for imp4.

| Cross-site scripting (XSS) vulnerability in imp/test.php in Horde
| Turba Contact Manager H3 2.2.1, and possibly other Horde Project
| products, allows remote attackers to inject arbitrary web script or
| HTML via the User field in an IMAP session.

The upstream patch for this issue can be found here[1]. Please address
this issue together with the turba2 XSS for lenny via migration from

If you fix the vulnerability please also make sure to include the
CVE id in your changelog entry.


For further information see:

[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4182
[1] http://cvs.horde.org/diff.php/imp/test.php?r1=1.70&r2=1.71

More information about the pkg-horde-hackers mailing list