[pkg-horde] Bug#536554: CVE-2009-2360: Cross-site scripting vulnerability

Steffen Joeris steffen.joeris at skolelinux.de
Sat Jul 11 05:31:56 UTC 2009

Package: sork-passwd-h3
Severity: grave
Tags: security patch

the following CVE (Common Vulnerabilities & Exposures) id was
published for sork-passwd-h3.

| Cross-site scripting (XSS) vulnerability in passwd/main.php in the
| Passwd module before 3.1.1 for Horde allows remote attackers to inject
| arbitrary web script or HTML via the backend parameter.

The upstream patch can be found here[1].

If you fix the vulnerability please also make sure to include the
CVE id in your changelog entry.

For further information see:

[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2360
[1] http://bugs.horde.org/ticket/8398

More information about the pkg-horde-hackers mailing list