FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

horde -- XSS vulnerabilities

Affected packages
3.* < horde < 3.0.1
3.* < horde-php5 < 3.0.1

Details

VuXML ID 338d1723-5f03-11d9-92a7-000bdb1444a4
Discovery 2005-01-04
Entry 2005-01-22

A Hyperdose Security Advisory reports:

Horde contains two XSS attacks that can be exploited through GET requests. Once exploited, these requests could be used to execute any javascript commands in the context of that user, potentially including but not limited to reading and deleting email, and stealing auth tokens.

References

Bugtraq ID 12255
Message http://lists.horde.org/archives/announce/2005/000159.html
Message 1105593825.8638@mx249a.mysite4now.com