[Tickets #14857] Re: Multiple XSS security vulnerabilities
noreply at bugs.horde.org
Tue Sep 25 19:56:11 UTC 2018
DO NOT REPLY TO THIS MESSAGE. THIS EMAIL ADDRESS IS NOT MONITORED.
Ticket URL: https://bugs.horde.org/ticket/14857
------------------------------------------------------------------------------
Ticket | 14857
Updated By | 610code at gmail.com
Summary | Multiple XSS security vulnerabilities
Queue | Horde Groupware
Version | 5.2.22
Type | Bug
State | Assigned
Priority | 3. High
Milestone |
Patch |
Owners | Michael Rubinsky
+New Attachment | hordeBugFound3.jpg
------------------------------------------------------------------------------
610code at gmail.com (2018-09-25 19:56) wrote:
Hi,
first of all: I'm glad that you solved the mentioned bugs.
In case of 'informing' - I tried. :) Please see the attached screen.
In case of any questions - feel free to ask.
I'll answer as soon as possible (probably during the next 24h).
Best regards,
Cody Sixteen
> This is the first time that I'm seeing these, will investigate.
>
>> Several security vulnerabilities were publicly disclosed.
>>
>> https://code610.blogspot.com/2017/11/rce-via-xss-horde-5219.html
>>
>> They are also known as CVE-2017-16906, CVE-2017-16907, CVE-2017-16908
>> and CVE-2017-17781.
>>
>> Are you aware of these issues? The bug reporter claims that they are
>> still present in the latest stable release. If you have already fixed
>> them, I would appreciate more information about the concrete fixes
>> because Debian and other Linux distributions would like to fix those
>> issues.
>>
>> Thanks in advance
>>
>> Markus Koschany (apo at debian.org)
>
610code at gmail.com (2018-09-25 19:56) uploaded: hordeBugFound3.jpg
https://bugs.horde.org/h/services/download/?app=whups&actionID=download_file&file=hordeBugFound3.jpg&ticket=14857&fn=%2FhordeBugFound3.jpg