CVE-2005-1315

Cross-site scripting XSS vulnerability in Horde Turba module before 1.2.5 allows remote attackers to inject arbitrary web script or HTML via the parent's frame page title...

Path Disclosure in Turba of Horde

There is a path disclosure in status.php of Turba module at Horde 2.1, you get this: Fatal error: Call to a member function on a non-object in /opt/local/apache/htdocs/horde/turba/status.php on line 12 NOTE: i observed that this only occur in Turba...