[Tickets #14857] Multiple XSS security vulnerabilities

noreply at bugs.horde.org noreply at bugs.horde.org
Mon Sep 24 12:18:40 UTC 2018


DO NOT REPLY TO THIS MESSAGE. THIS EMAIL ADDRESS IS NOT MONITORED.

Ticket URL: https://bugs.horde.org/ticket/14857
------------------------------------------------------------------------------
  Ticket             | 14857
  Created By         | apo at debian.org
  Summary            | Multiple XSS security vulnerabilities
  Queue              | Horde Groupware
  Version            | 5.2.22
  Type               | Bug
  State              | Unconfirmed
  Priority           | 3. High
  Milestone          |
  Patch              |
  Owners             |
------------------------------------------------------------------------------


apo at debian.org (2018-09-24 12:18) wrote:

Several security vulnerabilities were publicly disclosed.

https://code610.blogspot.com/2017/11/rce-via-xss-horde-5219.html

They are also known as CVE-2017-16906, CVE-2017-16907, CVE-2017-16908  
and CVE-2017-17781.

Are you aware of these issues? The bug reporter claims that they are  
still present in the latest stable release. If you have already fixed  
them, I would appreciate more information about the concrete fixes  
because Debian and other Linux distributions would like to fix those  
issues.

Thanks in advance

Markus Koschany (apo at debian.org)




