FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

horde -- multiple vulnerabilities

Affected packages
horde-base < 3.2.2

Details

VuXML ID 7d239578-7ff2-11dd-8de5-0030843d3802
Discovery 2008-09-10
Entry 2008-09-11
Modified 2008-10-03

Secunia reports:

Some vulnerabilities have been reported in various Horde products, which can be exploited by malicious people to conduct script insertion attacks

Input via MIME attachment linking is not properly sanitised in the MIME library before being used. This can be exploited to execute arbitrary HTML and script code in a user's browser session if e.g. a malicious email is viewed.

Certain unspecified input in HTML messages is not properly sanitised before being used. This can be exploited to execute arbitrary HTML and script in a user's browser session if e.g. a malicious HTML email is viewed.

References

CVE Name CVE-2008-3823
CVE Name CVE-2008-3824
Message http://lists.horde.org/archives/announce/2008/000429.html
URL http://secunia.com/advisories/31842/