Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score: 4.3
CVE Id: CVE-2008-3824
Last Modified: 07 Mar 2011 10:11:28
Published: 12 Sep 2008 12:56:20
Confidentiality Impact: NONE
Integrity Impact: PARTIAL
Availability Impact: NONE
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE

CVE-2008-3824

Summary

Cross-site scripting (XSS) vulnerability in (1) Text_Filter/Filter/xss.php in Horde 3.1.x before 3.1.9 and 3.2.x before 3.2.2 and (2) externalinput.php in Popoon r22196 and earlier allows remote attackers to inject arbitrary web script or HTML by using / (slash) characters as replacements for spaces in an HTML e-mail message.

Vulnerable Systems

Application

  • Horde 3.1.1

  • Horde 3.1.2

  • Horde 3.1.3

  • Horde 3.1.4

  • Horde 3.1.5

  • Horde 3.1.6

  • Horde 3.1.7

  • Horde 3.1.8

  • Horde 3.2

  • Horde 3.2.1

  • Popoon R22196


References

BUGTRAQ - 20080910 [oCERT-2008-012] Horde, Popoon frameworks common input sanitization errors (XSS)

MISC - http://www.ocert.org/advisories/ocert-2008-012.html

MISC - http://ocert.org/patches/2008-012/Text_Filter.patch

MISC - http://ocert.org/patches/2008-012/Text_Filter.31.patch

MLIST - [horde-announce] 20080910 Horde 3.1.9 (final)

XF - horde-htmlmessages-xss(45031)

VUPEN - ADV-2008-2548

BID - 31107

CONFIRM - http://www.phpmyfaq.de/advisory_2008-09-11.php

MLIST - [oss-security] 20080910 [oCERT-2008-012] Horde, Popoon frameworks common input sanitization errors (XSS)

SREASON - 4245

SECUNIA - 31842

OSVDB - 47996

MLIST - [horde-announce] 20080910 [SECURITY] Horde 3.2.2 (final)

CONFIRM - http://blog.liip.ch/missed-case-in-externalinput-php-resulting-in-viable-xss-attacks.html


Last Updated: 27 May 2016 10:48:19