CVE-2008-3824 - Secunia Advisories - Vulnerability Information

CVE Reference: CVE-2008-3824
NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia or the results of our research. All data on this page is written and maintained by CVE MITRE.

Original Page at CVE MITRE: CVE-2008-3824

Description: Cross-site scripting (XSS) vulnerability in (1) Text_Filter/Filter/xss.php in Horde 3.1.x before 3.1.9 and 3.2.x before 3.2.2 and (2) externalinput.php in Popoon r22196 and earlier allows remote attackers to inject arbitrary web script or HTML by using / (slash) characters as replacements for spaces in an HTML e-mail message.

CVE Status: Candidate

References: XF http://xforce.iss.net/xforce/xfdb/45031 SREASON http://securityreason.com/securityalert/4245 SAID Secunia Advisory: SA31842 OSVDB 47996 MLIST http://marc.info/?l=horde-announce&m=122104360019867&w=2 http://www.openwall.com/lists/oss-security/2008/09/10/1 http://marc.info/?l=horde-announce&m=122103888111491&w=2 MISC http://ocert.org/patches/2008-012/Text_Filter.31.patch http://ocert.org/patches/2008-012/Text_Filter.patch http://www.ocert.org/advisories/ocert-2008-012.html CONFIRM http://www.phpmyfaq.de/advisory_2008-09-11.php http://blog.liip.ch/missed-case-in-externalinput-php-resulting-in-viable-xss-attacks.html BUGTRAQ http://www.securityfocus.com/archive/1/archive/1/496182/100/0/threaded BID 31107

Return to the previous page.