[Tickets #14857] Re: Multiple XSS security vulnerabilities
noreply at bugs.horde.org
Mon Sep 24 17:49:29 UTC 2018
DO NOT REPLY TO THIS MESSAGE. THIS EMAIL ADDRESS IS NOT MONITORED.
Ticket URL: https://bugs.horde.org/ticket/14857
------------------------------------------------------------------------------
Ticket | 14857
Updated By | Michael Rubinsky <mrubinsk at horde.org>
Summary | Multiple XSS security vulnerabilities
Queue | Horde Groupware
Version | 5.2.22
Type | Bug
State | Unconfirmed
Priority | 3. High
Milestone |
Patch |
Owners |
------------------------------------------------------------------------------
Michael Rubinsky <mrubinsk at horde.org> (2018-09-24 17:49) wrote:
This is the first time that I'm seeing these, will investigate.
> Several security vulnerabilities were publicly disclosed.
>
> https://code610.blogspot.com/2017/11/rce-via-xss-horde-5219.html
>
> They are also known as CVE-2017-16906, CVE-2017-16907,
> CVE-2017-16908 and CVE-2017-17781.
>
> Are you aware of these issues? The bug reporter claims that they are
> still present in the latest stable release. If you have already
> fixed them, I would appreciate more information about the concrete
> fixes because Debian and other Linux distributions would like to fix
> those issues.
>
> Thanks in advance
>
> Markus Koschany (apo at debian.org)