FreshPorts - VuXML
This page displays vulnerability information about FreeBSD Ports.
The VUXML data was last processed by FreshPorts on 2025-07-22 18:36:41 UTC
List all Vulnerabilities, by package
List all Vulnerabilities, by date
k68
These are the vulnerabilities relating to the commit you have selected:
| VuXML ID | Description |
|---|
| e2e8d374-2e40-11db-b683-0008743bf21a | horde -- Phishing and Cross-Site Scripting Vulnerabilities
Secunia reports:
Some vulnerabilities have been reported in Horde, which
can be exploited by malicious people to conduct phishing
and cross-site scripting attacks.
- Input passed to the "url" parameter in index.php isn't
properly verified before it is being used to include an
arbitrary web site in a frameset. This can e.g. be
exploited to trick a user into believing certain
malicious content is served from a trusted web site.
- Some unspecified input passed in index.php isn't
properly sanitised before being returned to the user.
This can be exploited to execute arbitrary HTML and
script code in a user's browser session in context of an
affected site.
Discovery 2006-08-17
Entry 2006-08-17
horde
<= 3.1.2
imp
<= 4.1.2
19557
19544
http://secunia.com/advisories/21500/
http://lists.horde.org/archives/announce/2006/000292.html
|