Bug 228493 - Horde (Groupware, Groupware Webmail Edition, and Kronolith) multiple XSS
Summary: Horde (Groupware, Groupware Webmail Edition, and Kronolith) multiple XSS
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: High normal
Assignee: Gentoo Security
URL:
Whiteboard: B4 [upstream]
Keywords:
Depends on:
Blocks:
 
Reported: 2008-06-20 11:00 UTC by Matthias Geerdsen (RETIRED)
Modified: 2008-06-24 11:59 UTC
Description Matthias Geerdsen (RETIRED) gentoo-dev 2008-06-20 11:00:00 UTC
CVE-2008-2783 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-2783):
  Multiple cross-site scripting (XSS) vulnerabilities in Horde Groupware,
  Groupware Webmail Edition, and Kronolith allow remote attackers to inject
  arbitrary web script or HTML via the timestamp parameter to (1) week.php, (2)
  workweek.php, and (3) day.php; and (4) the horde parameter in the PATH_INFO
  to the default URI.  NOTE: the provenance of this information is unknown; the
  details are obtained solely from third party information.
Comment 1 Matthias Geerdsen (RETIRED) gentoo-dev 2008-06-20 12:05:28 UTC
I did not see this mentioned as fixed in the latest releases. Correct me if I am wrong there.

setting [upstream] for now

(This bug could be used as a tracker for 3 package bugs when the fix is available)
Comment 2 Gunnar Wrobel (RETIRED) gentoo-dev 2008-06-24 11:59:43 UTC
Closing as the individual packages have been bumped to the fixed versions. Only kronolith still awaits stabilization.