[Tickets #14213] Re: Reflected Cross-Site Scripting (XSS)
noreply at bugs.horde.org
noreply at bugs.horde.org
Wed Feb 3 13:00:50 UTC 2016
DO NOT REPLY TO THIS MESSAGE. THIS EMAIL ADDRESS IS NOT MONITORED.
Ticket URL: https://bugs.horde.org/ticket/14213
------------------------------------------------------------------------------
Ticket | 14213
Updated By | math.parent at gmail.com
Summary | Reflected Cross-Site Scripting (XSS)
Queue | Horde Base
Version | FRAMEWORK_5_2
Type | Bug
State | Resolved
Priority | 3. High
Milestone | 5.2.9
Patch |
Owners | Jan Schneider
------------------------------------------------------------------------------
math.parent at gmail.com (2016-02-03 13:00) wrote:
> Horde groupware and webmail bundles changelogs mention "Fixed XSS
> vulnerabilities in menu bar and form renderer.".
>
> Is this this only commit, or are they others?
OK. Got it, it's "XSS in Horde_Core_VarRenderer_Html".
This is currently hard to dig thru the changelogs to get security
patches. Why not using CVEs and traditionnal embargoed patches?
More information about the bugs
mailing list