CVE-2008-3824

Related Files

n.runs-SA-2008.007.txt

Posted Sep 11, 2008

Authored by Alexios Fakos | Site nruns.com

The Horde project relies on code similar to Popoon's externalinput.php to filter out potential cross site scripting attacks on user-supplied input. Other projects are using the same code base. Therefore this vulnerability affects also the popular Cake-PHP framework. Hence, all users that rely on the externalinput sanitization functionality are affected by this vulnerability, as in addition to many other unrelated, open source projects.

tags | advisory, php, xss

advisories | CVE-2008-3824

SHA-256 | 21fcfc2eb2dfbc50c7d42dd8d19fdf5f77e420370c183904809c229552d63d54

Download | Favorite | View

Open Source CERT Security Advisory 2008.12

Posted Sep 11, 2008

Authored by Will Drewry, Open Source CERT | Site ocert.org

Two cross-site scripting (XSS) vulnerabilities were reported in Horde Framework. The first of which is that the Horde framework fails to properly sanitize the filename of MIME attachments on received emails. The second vulnerability has a wider impact. Horde relies on code similar to Popoon's externalinput.php to filter out potential XSS attacks on user-supplied input. This filter, and the original, fail to fully sanitize user data.

tags | advisory, php, vulnerability, xss

advisories | CVE-2008-3823, CVE-2008-3824

SHA-256 | acda1d56ba4b8127f008b4511f6c73504b17ce52451cced4c4ab5e70aa2f8410

Download | Favorite | View