thr3ads.net - Secure testing team - [Secure-testing-team] Bug#536554: CVE-2009-2360: Cross-site scripting vulnerability [Jul 2009]

If this information is useful, please help other people find it:
Share via:

Twitter
Facebook
Email

Steffen Joeris

2009-Jul-11 05:31 UTC

[Secure-testing-team] Bug#536554: CVE-2009-2360: Cross-site scripting vulnerability

Package: sork-passwd-h3
Severity: grave
Tags: security patch

Hi,
the following CVE (Common Vulnerabilities & Exposures) id was
published for sork-passwd-h3.

CVE-2009-2360[0]:
| Cross-site scripting (XSS) vulnerability in passwd/main.php in the
| Passwd module before 3.1.1 for Horde allows remote attackers to inject
| arbitrary web script or HTML via the backend parameter.

The upstream patch can be found here[1].

If you fix the vulnerability please also make sure to include the
CVE id in your changelog entry.

For further information see:

[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2360
    http://security-tracker.debian.net/tracker/CVE-2009-2360
[1] http://bugs.horde.org/ticket/8398

Secure testing team - Jul 2009 - Bug#536554: CVE-2009-2360: Cross-site scripting vulnerability

[Secure-testing-team] Bug#536554: CVE-2009-2360: Cross-site scripting vulnerability