FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

CVE-2008-3823

This CVE name corresponds to:

Entered Topic
2008-09-11 horde -- multiple vulnerabilities

The following information is adapted from the Common Vulnerabilities and Exposures (CVE) project. CVE and the CVE logo are trademarks of The MITRE Corporation. CVE content is Copyright 2005, The MITRE Corporation.

CVE-2008-3823 at cve.mitre.org

Details

Type Candidate
Name CVE-2008-3823
Phase Assigned(20080827)

Description

Cross-site scripting (XSS) vulnerability in MIME/MIME/Contents.php in the MIME library in Horde 3.2.x before 3.2.2 allows remote attackers to inject arbitrary web script or HTML via the filename of a MIME attachment in an e-mail message.

References

Source Reference
BUGTRAQ 20080910 [oCERT-2008-012] Horde, Popoon frameworks common input sanitization errors (XSS)
MLIST [horde-announce] 20080910 [SECURITY] Horde 3.2.2 (final)
MLIST [oss-security] 20080910 [oCERT-2008-012] Horde, Popoon frameworks common input sanitization errors (XSS)
MISC http://ocert.org/patches/2008-012/MIME.patch
MISC http://www.ocert.org/advisories/ocert-2008-012.html
DEBIAN DSA-1642
BID 31110
VUPEN ADV-2008-2548
SECUNIA 31842
SECUNIA 31959
SREASON 4245
XF horde-mime-xss(45030)

Copyright © 2005 The MITRE Corporation.

Copyright © 2003-2005 Jacques Vidrine and contributors.
Please see the source of this document for full copyright information.