Package: horde3 Severity: grave Tags: security Justification: user security hole
Hi mate A possible security hole has been discovered in horde3. The CVE[0] text says: Cross-site scripting (XSS) vulnerability in framework/NLS/NLS.php in Horde Framework before 3.1.4 RC1, when the login page contains a language selection box, allows remote attackers to inject arbitrary web script or HTML via the new_lang parameter to login.php. It states that all the versions in Debian are effected. Feel free to downgrade the bug, if I am mistaken. Cheers Steffen [0]: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1473 -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]