*** This bug is a security vulnerability *** Public security bug reported:
Cross-site scripting (XSS) vulnerability in services/obrowser/index.php in Horde 3.2 and Turba 2.2 allows remote attackers to inject arbitrary web script or HTML via the contact name. CVE: http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3330 ** Affects: horde3 (Ubuntu) Importance: Medium Assignee: Emanuele Gentili (emgent) Status: In Progress ** Affects: horde3 (Ubuntu Intrepid) Importance: Medium Assignee: Emanuele Gentili (emgent) Status: In Progress ** Affects: horde3 (Debian) Importance: Unknown Status: Unknown ** Visibility changed to: Public ** Changed in: horde3 (Ubuntu Intrepid) Importance: Undecided => Medium Assignee: (unassigned) => Emanuele Gentili (emgent) Status: New => In Progress ** Bug watch added: Debian Bug tracker #492578 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=492578 ** Also affects: horde3 (Debian) via http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=492578 Importance: Unknown Status: Unknown -- Horde3 CVE-2008-3330 XSS https://bugs.launchpad.net/bugs/252475 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs