<?xml version="1.0" encoding="utf-8"?>
<glsa id="200606-28">
<title>Horde Web Application Framework: XSS vulnerability</title>
The Horde Web Application Framework is vulnerable to a cross-site scripting
<product type="ebuild">horde</product>
<announced>June 29, 2006</announced>
<revised>June 29, 2006: 01</revised>
<affected>
<package name="www-apps/horde" auto="yes" arch="*">
<unaffected range="ge">3.1.1-r1</unaffected>
<vulnerable range="lt">3.1.1-r1</vulnerable>
</package>
</affected>
<background>
<p>
The Horde Web Application Framework is a general-purpose web
application framework written in PHP, providing classes for handling
preferences, compression, browser detection, connection tracking, MIME,
and more.
</p>
</background>
<description>
<p>
Michael Marek discovered that the Horde Web Application Framework
performs insufficient input sanitizing.
</p>
</description>
<impact type="low">
<p>
An attacker could exploit these vulnerabilities to execute arbitrary
scripts running in the context of the victim's browser.
</p>
</impact>
<workaround>
<p>
There is no known workaround at this time.
</p>
</workaround>
<resolution>
<p>
All horde users should upgrade to the latest version:
</p>
<code>
# emerge --sync
# emerge --ask --oneshot --verbose &quot;&gt;=www-apps/horde-3.1.1-r1&quot;</code>
</resolution>
<uri link="">CVE-2006-2195</uri>
<metadata tag="submitter" timestamp="Thu, 22 Jun 2006 14:59:32 +0000">
<metadata tag="bugReady" timestamp="Fri, 23 Jun 2006 18:49:08 +0000">