Launchpad.net

Launchpad Home
Code
Bugs
Blueprints
Translations
Answers

CVE 2008-3824

Cross-site scripting (XSS) vulnerability in (1) Text_Filter/Filter/xss.php in Horde 3.1.x before 3.1.9 and 3.2.x before 3.2.2 and (2) externalinput.php in Popoon r22196 and earlier allows remote attackers to inject arbitrary web script or HTML by using / (slash) characters as replacements for spaces in an HTML e-mail message.

See the

CVE page on Mitre.org for more details.

References

MISC: http://ocert.org/patch...
MISC: http://ocert.org/patch...
MISC: http://www.ocert.org/a...
MISC: http://www.securityfoc...
MISC: http://www.securityfoc...
MISC: http://secunia.com/adv...
MISC: http://securityreason....
MISC: http://osvdb.org/47996
MISC: http://www.vupen.com/e...
MISC: http://marc.info/?l=ho...
MISC: http://marc.info/?l=ho...
MISC: http://www.openwall.co...
MISC: https://exchange.xforc...
MISC: http://blog.liip.ch/mi...
MISC: http://www.phpmyfaq.de...

Launchpad.net

CVE 2008-3824

Related bugs

References