Secunia
Login
|
|
CVE Reference: CVE-2008-3824 |
|
| NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia or the results of our research. All data on this page is written and maintained by CVE MITRE. | |
|
Original Page at CVE MITRE: CVE-2008-3824 |
|
|
Description: Cross-site scripting (XSS) vulnerability in (1) Text_Filter/Filter/xss.php in Horde 3.1.x before 3.1.9 and 3.2.x before 3.2.2 and (2) externalinput.php in Popoon r22196 and earlier allows remote attackers to inject arbitrary web script or HTML by using / (slash) characters as replacements for spaces in an HTML e-mail message. |
|
|
CVE Status: Candidate |
|
|
References: XF http://xforce.iss.net/xforce/xfdb/45031 SREASON http://securityreason.com/securityalert/4245 SAID Secunia Advisory: SA31842 OSVDB 47996 MLIST http://marc.info/?l=horde-announce&m=122104360019867&w=2 http://www.openwall.com/lists/oss-security/2008/09/10/1 http://marc.info/?l=horde-announce&m=122103888111491&w=2 MISC http://ocert.org/patches/2008-012/Text_Filter.31.patch http://ocert.org/patches/2008-012/Text_Filter.patch http://www.ocert.org/advisories/ocert-2008-012.html CONFIRM http://www.phpmyfaq.de/advisory_2008-09-11.php http://blog.liip.ch/missed-case-in-externalinput-php-resulting-in-viable-xss-attacks.html BUGTRAQ http://www.securityfocus.com/archive/1/archive/1/496182/100/0/threaded BID 31107 |
|
| Return to the previous page. |
