From $URL:
  http://localhost/horde/gollem/view.php?actionID=view_file&type=txt&file=<script>alert("XSS")</script>&dir=../baddir/&driver=file
  Vulnerable file: view.php (Line 32 - 46)
  Fixed in 1.1.2.
Arches, please test and mark stable:
  =www-apps/horde-gollem-1.1.2
  Target keywords : "alpha amd64 hppa ppc sparc x86"
I tested the following things together on x86 with apache (dev-lang/php-5.2.14) and my dovecot imap server. I've seen no problems at all! :-)
  www-apps/horde-3.3.9 Bug #336319
  www-apps/horde-imp-4.3.8 Bug #307759
  www-apps/horde-dimp-1.1.5 Bug #307759
  www-apps/horde-gollem-1.1.2 Bug #339168
Stable on alpha.
amd64 done
x86 stable, thanks Andreas
ppc done
sparc stable
Stable for HPPA.
GLSA vote: No, XSS.
Vote: NO, XSS in webapp. Closing noglsa.