PT-2009-6485 · Horde · Horde Groupware Webmail Edition+2

Daniel Fernã¡Ndez Bleda

+1

·

Publicado

2009-12-21

·

Atualizado

2019-06-18

·

CVE-2009-4363

CVSS v2.0

4.3

Média

VetorAV:N/AC:M/Au:N/C:N/I:P/A:N
Name of the Vulnerable Software and Affected Versions Horde Application Framework versions prior to 3.3.6 Horde Groupware versions prior to 1.2.5 Horde Groupware Webmail Edition versions prior to 1.2.5
Description The issue allows remote attackers to conduct cross-site scripting (XSS) attacks via data:text/html values for the HREF attribute of an A element in an HTML e-mail message. This is due to improper handling of data: URIs.
Recommendations For Horde Application Framework versions prior to 3.3.6, update to version 3.3.6 or later. For Horde Groupware versions prior to 1.2.5, update to version 1.2.5 or later. For Horde Groupware Webmail Edition versions prior to 1.2.5, update to version 1.2.5 or later.

Exploit

Correção

XSS

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-79

Identificadores relacionados

CVE-2009-4363
DSA-1966-1

Produtos afetados

Horde Application Framework
Horde Groupware
Horde Groupware Webmail Edition