Horde Turba Contact Manager Address Book Multiple Field XSS

2005-12-11T08:03:42
ID OSVDB:21605
Type osvdb
Reporter OSVDB
Modified 2005-12-11T08:03:42

Description

Technical Description

An attacker must supply valid authentication credentials in order to exploit this vulnerability.

Solution Description

Upgrade to version Turba 2.0.5 (Horde 3) or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

References:

Secunia Advisory ID:17968 Mail List Post: http://lists.horde.org/archives/announce/2005/000235.html Mail List Post: http://archives.neohapsis.com/archives/fulldisclosure/2005-12/0459.html Mail List Post: http://archives.neohapsis.com/archives/apps/freshmeat/2005-12/0011.html