FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-11-19 19:12:13 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML IDDescription
3aa8b781-d2c4-11e5-b2bd-002590263bf5horde -- XSS vulnerabilities

The Horde Team reports:

Fixed XSS vulnerabilities in menu bar and form renderer.


Discovery 2016-02-02
Entry 2016-02-14
horde
< 5.2.9

pear-Horde_Core
< 2.22.6

CVE-2015-8807
CVE-2016-2228
https://github.com/horde/horde/commit/11d74fa5a22fe626c5e5a010b703cd46a136f253
https://bugs.horde.org/ticket/14213
https://github.com/horde/horde/commit/f03301cf6edcca57121a15e80014c4d0f29d99a0
https://github.com/horde/horde/commit/ab07a1b447de34e13983b4d7ceb18b58c3a358d8
http://www.openwall.com/lists/oss-security/2016/02/06/4
http://lists.horde.org/archives/announce/2016/001149.html
e2e8d374-2e40-11db-b683-0008743bf21ahorde -- Phishing and Cross-Site Scripting Vulnerabilities

Secunia reports:

Some vulnerabilities have been reported in Horde, which can be exploited by malicious people to conduct phishing and cross-site scripting attacks.

  1. Input passed to the "url" parameter in index.php isn't properly verified before it is being used to include an arbitrary web site in a frameset. This can e.g. be exploited to trick a user into believing certain malicious content is served from a trusted web site.
  2. Some unspecified input passed in index.php isn't properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.

Discovery 2006-08-17
Entry 2006-08-17
horde
<= 3.1.2

imp
<= 4.1.2

19557
19544
http://secunia.com/advisories/21500/
http://lists.horde.org/archives/announce/2006/000292.html