CVE-2008-3823

Related Files

Debian Linux Security Advisory 1642-1

Posted Sep 20, 2008

Authored by Debian | Site debian.org

Debian Security Advisory 1642-1 - Will Drewry discovered that the Horde, allows remote attackers to send an email with a crafted MIME attachment filename attribute to perform cross site scripting.

tags | advisory, remote, xss

systems | linux, debian

advisories | CVE-2008-3823

SHA-256 | 86fa3fafadc64c5326f69589f6e81f393290a5626436c792773c3cc89611f794

Download | Favorite | View

n.runs-SA-2008.006.txt

Posted Sep 11, 2008

Authored by Alexios Fakos | Site nruns.com

Horde versions 3.2 through 3.2.1 suffer from a cross site scripting vulnerability due to the handling of MIME attachments.

tags | advisory, xss

advisories | CVE-2008-3823

SHA-256 | c2a3082c148d60c17ee794b27d8f58dbea9dcafc37b3a98ef6dc4162c3890507

Download | Favorite | View

Open Source CERT Security Advisory 2008.12

Posted Sep 11, 2008

Authored by Will Drewry, Open Source CERT | Site ocert.org

Two cross-site scripting (XSS) vulnerabilities were reported in Horde Framework. The first of which is that the Horde framework fails to properly sanitize the filename of MIME attachments on received emails. The second vulnerability has a wider impact. Horde relies on code similar to Popoon's externalinput.php to filter out potential XSS attacks on user-supplied input. This filter, and the original, fail to fully sanitize user data.

tags | advisory, php, vulnerability, xss

advisories | CVE-2008-3823, CVE-2008-3824

SHA-256 | acda1d56ba4b8127f008b4511f6c73504b17ce52451cced4c4ab5e70aa2f8410

Download | Favorite | View