Vulnerability Assessment & Network Security Forums



If through a vulnerability assessment, a network security issue is detected for the vulnerability below, applying the appropriate security patches in a timely matter is very important.  If you have detected that your system has already been compromised, following CERT's Network Security recovery document will assist with recommended steps for system recovery.


Home >> Browse Vulnerability Assessment Database >> Gentoo Local Security Checks >> [GLSA-200511-20] Horde Application Framework: XSS vulnerability


Vulnerability Assessment Details

[GLSA-200511-20] Horde Application Framework: XSS vulnerability

Vulnerability Assessment Summary
Horde Application Framework: XSS vulnerability

Detailed Explanation for this Vulnerability Assessment
The remote host is affected by the vulnerability described in GLSA-200511-20
(Horde Application Framework: XSS vulnerability)


The Horde Team reported a potential XSS vulnerability. Horde fails
to properly escape error messages which may lead to displaying
unsanitized error messages via Notification_Listener::getMessage()

Impact

By enticing a user to read a specially-crafted e-mail or using a
manipulated URL, a possible hacker can execute arbitrary scripts running in
the context of the victim's browser. This could lead to a compromise of
the user's browser content.

Workaround

There is no known workaround at this time.

References:
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3570
http://lists.horde.org/archives/announce/2005/000231.html


Solution:
All Horde Application Framework users should upgrade to the latest
version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=www-apps/horde-2.2.9"


Network Security Threat Level: Low


Networks Security ID:

Vulnerability Assessment Copyright: (C) 2005 Michel Arboi

Cables, Connectors


Cisco SG95-16 16-Port Gigabit Switch SG95-16-KR picture

Cisco SG95-16 16-Port Gigabit Switch SG95-16-KR

$47.00



Cisco Nexus 48-Port 10G SFP+ Switch N9K-9396PX w/ 9K-M12PQ 12-Port 40G QSFP picture

Cisco Nexus 48-Port 10G SFP+ Switch N9K-9396PX w/ 9K-M12PQ 12-Port 40G QSFP

$419.99



Pakedge SE-18 Unmanaged 16-Port Ethernet Switch With 2-SFP Ports picture

Pakedge SE-18 Unmanaged 16-Port Ethernet Switch With 2-SFP Ports

$54.99



New Linksys SE3005 5-port Gigabit Ethernet Switch picture

New Linksys SE3005 5-port Gigabit Ethernet Switch

$15.99



Linksys SE3008 8 Ports Rack Mountable Gigabit Ethernet Switch picture

Linksys SE3008 8 Ports Rack Mountable Gigabit Ethernet Switch

$18.99



NETGEAR 5-Port Gigabit Ethernet Unmanaged Switch (GS305) - NEW IN BOX picture

NETGEAR 5-Port Gigabit Ethernet Unmanaged Switch (GS305) - NEW IN BOX

$18.99



Cisco WS-C3750X-48T-S 48 Port 3750X Gigabit Switch - Same Day Shipping picture

Cisco WS-C3750X-48T-S 48 Port 3750X Gigabit Switch - Same Day Shipping

$49.99



*NETGEAR PROSAFE (JGS524V2) 24-Port Gigabit Ethernet Switch *NO AC* picture

*NETGEAR PROSAFE (JGS524V2) 24-Port Gigabit Ethernet Switch *NO AC*

$29.99



ARUBA J9772A 2530-48G PoE+ 48 PORT ETHERNET SWITCH W/ RACK EARS J9772-60301 picture

ARUBA J9772A 2530-48G PoE+ 48 PORT ETHERNET SWITCH W/ RACK EARS J9772-60301

$143.32



Discussions

No Discussions have been posted on this vulnerability.