oss-sec mailing list archives
Re: CVE request - horde XSS
From: "Steven M. Christey" <coley () linus mitre org>
Date: Tue, 20 Jan 2009 20:24:54 -0500 (EST)
====================================================== Name: CVE-2008-5917 Status: Candidate URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5917 Reference: MLIST:[announce] Horde 3.2.3 (final) Reference: URL:http://lists.horde.org/archives/announce/2008/000462.html Reference: MLIST:[announce] Horde 3.3.1 (final) Reference: URL:http://lists.horde.org/archives/announce/2008/000464.html Reference: CONFIRM:http://cvs.horde.org/diff.php/framework/Text_Filter/Filter/xss.php?r1=1.17&r2=1.18 Cross-site scripting (XSS) vulnerability in the XSS filter (framework/Text_Filter/Filter/xss.php) in Horde Application Framework 3.2.2 and 3.3, when Internet Explorer is being used, allows remote attackers to inject arbitrary web script or HTML via unknown vectors related to style attributes.
Current thread:
- CVE request - horde XSS Tomas Hoger (Jan 20)
- Re: CVE request - horde XSS Steven M. Christey (Jan 20)