[pkg-horde] Bug#536554: CVE-2009-2360: Cross-site scripting vulnerability
Steffen Joeris
steffen.joeris at skolelinux.de
Sat Jul 11 05:31:56 UTC 2009
Package: sork-passwd-h3
Severity: grave
Tags: security patch
Hi,
the following CVE (Common Vulnerabilities & Exposures) id was
published for sork-passwd-h3.
CVE-2009-2360[0]:
| Cross-site scripting (XSS) vulnerability in passwd/main.php in the
| Passwd module before 3.1.1 for Horde allows remote attackers to inject
| arbitrary web script or HTML via the backend parameter.
The upstream patch can be found here[1].
If you fix the vulnerability please also make sure to include the
CVE id in your changelog entry.
For further information see:
[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2360
http://security-tracker.debian.net/tracker/CVE-2009-2360
[1] http://bugs.horde.org/ticket/8398
More information about the pkg-horde-hackers
mailing list