Launchpad.net

Launchpad Home
Code
Bugs
Blueprints
Translations
Answers

CVE 2008-5917

Cross-site scripting (XSS) vulnerability in the XSS filter (framework/Text_Filter/Filter/xss.php) in Horde Application Framework 3.2.2 and 3.3, when Internet Explorer is being used, allows remote attackers to inject arbitrary web script or HTML via unknown vectors related to style attributes.

Related bugs and status

CVE-2008-5917 (Candidate) is related to these bugs:

Bug #252475: Horde3 CVE-2008-3330 XSS

		In	Importance	Status
252475	Horde3 CVE-2008-3330 XSS	horde3 (Ubuntu)	Medium	Fix Released
252475	Horde3 CVE-2008-3330 XSS	horde3 (Ubuntu Intrepid)	Medium	Fix Released
252475	Horde3 CVE-2008-3330 XSS	horde3 (Debian)	Undecided	Fix Released

See the

CVE page on Mitre.org for more details.

References

MISC: http://secunia.com/adv...
MISC: http://secunia.com/adv...
MISC: http://lists.opensuse....
MISC: http://lists.horde.org...
MISC: http://lists.horde.org...
MISC: http://cvs.horde.org/d...