From ab6d2d5a2f18a6a0078bf1a61c6c8b3bddf35d59 Mon Sep 17 00:00:00 2001 From: Thierry Thomas Date: Tue, 28 Sep 2010 17:09:35 +0000 Subject: [PATCH] Report 2 vulnerabilities in www/horde-base. --- security/vuxml/vuln.xml | 34 ++++++++++++++++++++++++++++++++++ 1 file changed, 34 insertions(+) diff --git a/security/vuxml/vuln.xml b/security/vuxml/vuln.xml index d703a69ead72..8c5e896cd9bb 100644 --- a/security/vuxml/vuln.xml +++ b/security/vuxml/vuln.xml @@ -34,6 +34,40 @@ Note: Please add new entries to the beginning of this file. --> + + horde-base -- XSS and CSRF vulnerabilities + + + horde-base + 3.3.9 + + + + +

The Horde team reports:

+
+

Thanks to Naumann IT Security Consulting for reporting the XSS + vulnerability.

+

Thanks to Secunia for releasing an advisory for the new CSRF + protection in the preference interface

+

The major changes compared to Horde version 3.3.8 are:

+

* Fixed XSS vulnerability in util/icon_browser.php.

+

* Protected preference forms against CSRF attacks.

+
+ +
+ + http://article.gmane.org/gmane.comp.horde.announce/515 + http://cvs.horde.org/diff.php/horde/docs/CHANGES?rt=horde&r1=1.515.2.607&r2=1.515.2.620&ty=h + http://secunia.com/advisories/39860/ + http://holisticinfosec.org/content/view/145/45/ + + + 2010-06-03 + 2010-09-28 + +
+ openx -- remote code execution vulnerability
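Review bot: the references block at the end of the new horde-base entry lists four URLs and no CVE name, so anyone matching this entry by CVE identifier will not find it. If identifiers were assigned for the util/icon_browser.php XSS or the preference-form CSRF, add them as cvename elements alongside the URLs. In the same block, check that the ampersands in the cvs.horde.org diff.php URL (rt=horde&r1=...&r2=...&ty=h) are written as &amp; in the XML source, since a raw & there would make vuln.xml ill-formed.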