horde-webmail

2011-02-06

Page content

Author: Miklos Vajna
Vulnerable: 1.2.4-1
Unaffected: 1.2.9-1haven1

A vulnerability has been reported in various Horde products, which can be exploited by malicious people to conduct script insertion attacks. Certain unspecified input is not properly sanitised before being displayed to the user while viewing a vCard. This can be exploited to insert arbitrary HTML and script code, which will be executed in a user’s browser session in context of an affected site when the malicious vCard is being viewed.

Bug Tracker URL: http://bugs.frugalware.org/task/4408

CVEs:

No CVE references, see http://lists.horde.org/archives/announce/2010/000574.html