oss-sec mailing list archives
Re: CVE request: Horde Gollem <1.1.2 XSS in view.php
From: Josh Bressers <bressers () redhat com>
Date: Thu, 30 Sep 2010 15:55:09 -0400 (EDT)
Please use CVE-2010-3447 Thanks. -- JB ----- "Alex Legler" <a3li () gentoo org> wrote:
Hi, while there seem to be CVE IDs for most of the issues fixed in the latest Horde packages, I cannot find one for this issue: From http://bugs.horde.org/ticket/9191: "http://localhost/horde/gollem/view.php?actionID=view_file&type=txt&file=<script>alert("XSS")</script>&dir=../baddir/&driver=file Vulnerable file : view.php (Line 32 - 46)" Fixed in git (and released in 1.1.2): http://lists.horde.org/archives/commits/2010-August/004747.html http://lists.horde.org/archives/announce/2010/000565.html Thanks, Alex -- Alex Legler <a3li () gentoo org> Gentoo Security/Ruby
Current thread:
- CVE request: Horde Gollem <1.1.2 XSS in view.php Alex Legler (Sep 29)
- Re: CVE request: Horde Gollem <1.1.2 XSS in view.php Josh Bressers (Sep 30)
- Re: CVE request: Horde Gollem <1.1.2 XSS in view.php Moritz Muehlenhoff (Sep 30)
- Re: CVE request: Horde Gollem <1.1.2 XSS in view.php Alex Legler (Sep 30)