Vigil@nce - Horde: four Cross Site Scripting
February 2012 by Vigil@nce
This bulletin was written by Vigil@nce: http://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
An attacker can use four Cross Site Scripting vulnerabilities in Horde products, in order to execute JavaScript code in the context of the web site.
Severity: 2/4
Creation date: 17/01/2012
Revision date: 23/01/2012
IMPACTED PRODUCTS
Unix - platform
DESCRIPTION OF THE VULNERABILITY
Four Cross Site Scripting vulnerabilities were announced in Horde.
An attacker can trigger a Cross Site Scripting in the traditional view of the compose page. [severity:2/4; CVE-2012-0791]
An attacker can trigger a Cross Site Scripting in the contacts window. [severity:2/4; CVE-2012-0791]
An attacker can trigger a Cross Site Scripting via an IMAP mailbox name. [severity:2/4; CVE-2012-0791]
An attacker can trigger a Cross Site Scripting in Horde Groupware Webmail Edition, during the validation of emails. [severity:2/4; CVE-2012-0909]
An attacker can therefore execute JavaScript code in the context of the web site.