Horde services/problem.php name Variable XSS

2006-07-05T04:04:03
ID OSVDB:27034
Type osvdb
Reporter OSVDB
Modified 2006-07-05T04:04:03

Description

Solution Description

Upgrade to version 3.0.11, 3.1.2 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Manual Testing Notes

[Base_URI]/services/problem.php?name=%22%3E%3Cscript%3Ealert(0)%3B%3C/script%20x=%22

References:

Vendor URL: http://www.horde.org/
Vendor Specific Advisory URL
Security Tracker: 1016442
Secunia Advisory ID:20954
Secunia Advisory ID:21459
Secunia Advisory ID:27565
Related OSVDB ID: 27032
Related OSVDB ID: 27033
Other Advisory URL: http://www.us.debian.org/security/2007/dsa-1406
Other Advisory URL: http://moritz-naumann.com/adv/0011/hordemulti/0011.txt
Mail List Post: http://lists.horde.org/archives/announce/2006/000288.html
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2006-07/0064.html
Mail List Post: http://lists.horde.org/archives/announce/2006/000287.html
FrSIRT Advisory: ADV-2006-2694
CVE-2006-3548
Bugtraq ID: 18845