Horde Turba Contact Manager Address Book Multiple Field XSS

ID OSVDB:21605
Type osvdb
Reporter OSVDB
Modified 2005-12-11T08:03:42


Technical Description

An attacker must supply valid authentication credentials in order to exploit this vulnerability.

Solution Description

Upgrade to version Turba 2.0.5 (Horde 3) or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.


Secunia Advisory ID:17968 Mail List Post: http://lists.horde.org/archives/announce/2005/000235.html Mail List Post: http://archives.neohapsis.com/archives/fulldisclosure/2005-12/0459.html Mail List Post: http://archives.neohapsis.com/archives/apps/freshmeat/2005-12/0011.html