[Tickets #14857] Multiple XSS security vulnerabilities
noreply at bugs.horde.org
noreply at bugs.horde.org
Mon Sep 24 12:18:40 UTC 2018
DO NOT REPLY TO THIS MESSAGE. THIS EMAIL ADDRESS IS NOT MONITORED.
Ticket URL: https://bugs.horde.org/ticket/14857
------------------------------------------------------------------------------
Ticket | 14857
Created By | apo at debian.org
Summary | Multiple XSS security vulnerabilities
Queue | Horde Groupware
Version | 5.2.22
Type | Bug
State | Unconfirmed
Priority | 3. High
Milestone |
Patch |
Owners |
------------------------------------------------------------------------------
apo at debian.org (2018-09-24 12:18) wrote:
Several security vulnerabilities were publicly disclosed.
https://code610.blogspot.com/2017/11/rce-via-xss-horde-5219.html
They are also known as CVE-2017-16906, CVE-2017-16907, CVE-2017-16908
and CVE-2017-17781.
Are you aware of these issues? The bug reporter claims that they are
still present in the latest stable release. If you have already fixed
them, I would appreciate more information about the concrete fixes
because Debian and other Linux distributions would like to fix those
issues.
Thanks in advance
Markus Koschany (apo at debian.org)
More information about the bugs
mailing list