Launchpad CVE tracker

CVE 2010-3447

Cross-site scripting (XSS) vulnerability in view.php in the file viewer in Horde Gollem before 1.1.2 allows remote attackers to inject arbitrary web script or HTML via the file parameter in a view_file action.

See the

CVE page on Mitre.org for more details.

References

MLIST: [announce] 20100928 Go...
MLIST: [commits] 20100824 Hor...
MLIST: [oss-security] 2010092...
MLIST: [oss-security] 2010093...
MLIST: [oss-security] 2010093...
MLIST: [oss-security] 2010093...
CONFIRM: http://bugs.horde.org/...
OSVDB: 68262
SECUNIA: 41624
VUPEN: ADV-2010-2523
CONFIRM: http://git.horde.org/d...
CONFIRM: http://git.horde.org/d...
XF: gollem-view-xss(62091)

Launchpad.net

CVE 2010-3447

Related bugs

References