[prev in list] [next in list] [prev in thread] [next in thread] 

List:       oss-security
Subject:    Re: [oss-security] CVE request - horde XSS
From:       "Steven M. Christey" <coley () linus ! mitre ! org>
Date:       2009-01-21 1:24:54
Message-ID: Pine.GSO.4.51.0901202024500.22454 () faron ! mitre ! org
[Download RAW message or body]



======================================================
Name: CVE-2008-5917
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5917
Reference: MLIST:[announce] Horde 3.2.3 (final)
Reference: URL:http://lists.horde.org/archives/announce/2008/000462.html
Reference: MLIST:[announce] Horde 3.3.1 (final)
Reference: URL:http://lists.horde.org/archives/announce/2008/000464.html
Reference: CONFIRM:http://cvs.horde.org/diff.php/framework/Text_Filter/Filter/xss.php?r1=1.17&r2=1.18

Cross-site scripting (XSS) vulnerability in the XSS filter
(framework/Text_Filter/Filter/xss.php) in Horde Application Framework
3.2.2 and 3.3, when Internet Explorer is being used, allows remote
attackers to inject arbitrary web script or HTML via unknown vectors
related to style attributes.


[prev in list] [next in list] [prev in thread] [next in thread]