4.3 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
Will Drewry discovered that Horde allows remote attackers to send
an email with a crafted MIME attachment filename attribute to perform
cross site scripting.
For the stable distribution (etch), this problem has been fixed in
version 3.1.3-4etch4.
For the testing distribution (lenny), this problem has been fixed in
version 3.2.1+debian0-2+lenny1.
For the unstable distribution (sid), this problem will be fixed soon.
We recommend that you upgrade your horde3 package.
CPE | Name | Operator | Version |
---|---|---|---|
horde3 | eq | 3.1.3-4etch1 | |
horde3 | eq | 3.1.3-4etch3 | |
horde3 | eq | 3.1.3-4etch2 | |
horde3 | eq | 3.1.3-4 |