diff --git a/security/vuxml/vuln.xml b/security/vuxml/vuln.xml index d703a69ead72..8c5e896cd9bb 100644 --- a/security/vuxml/vuln.xml +++ b/security/vuxml/vuln.xml @@ -34,6 +34,40 @@ Note: Please add new entries to the beginning of this file. --> + + horde-base -- XSS and CSRF vulnerabilities + + + horde-base + 3.3.9 + + + + +

The Horde team reports:

+
+

Thanks to Naumann IT Security Consulting for reporting the XSS + vulnerability.

+

Thanks to Secunia for releasing an advisory for the new CSRF + protection in the preference interface

+

The major changes compared to Horde version 3.3.8 are:

+

* Fixed XSS vulnerability in util/icon_browser.php.

+

* Protected preference forms against CSRF attacks.

+
+ +
+ + http://article.gmane.org/gmane.comp.horde.announce/515 + http://cvs.horde.org/diff.php/horde/docs/CHANGES?rt=horde&r1=1.515.2.607&r2=1.515.2.620&ty=h + http://secunia.com/advisories/39860/ + http://holisticinfosec.org/content/view/145/45/ + + + 2010-06-03 + 2010-09-28 + +
+ openx -- remote code execution vulnerability