FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2025-07-16 20:09:50 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML ID	Description
e2e8d374-2e40-11db-b683-0008743bf21a	horde -- Phishing and Cross-Site Scripting Vulnerabilities Secunia reports: Some vulnerabilities have been reported in Horde, which can be exploited by malicious people to conduct phishing and cross-site scripting attacks. Input passed to the "url" parameter in index.php isn't properly verified before it is being used to include an arbitrary web site in a frameset. This can e.g. be exploited to trick a user into believing certain malicious content is served from a trusted web site. Some unspecified input passed in index.php isn't properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. Discovery 2006-08-17 Entry 2006-08-17 horde <= 3.1.2 imp <= 4.1.2 19557 19544 http://secunia.com/advisories/21500/ http://lists.horde.org/archives/announce/2006/000292.html
efc4819b-0b2d-11d9-bfe1-000bdb1444a4	imp3 -- XSS hole in the HTML viewer The script vulnerabilities can only be exposed with certain browsers and allow XSS attacks when viewing HTML messages with the HTML MIME viewer Discovery 2004-08-20 Entry 2004-10-05 imp < 3.2.6 http://thread.gmane.org/gmane.comp.horde.imp/15488 http://cvs.horde.org/diff.php/imp/docs/CHANGES?r1=1.389.2.109&r2=1.389.2.111&ty=h

VuXML ID

Description

e2e8d374-2e40-11db-b683-0008743bf21a

horde -- Phishing and Cross-Site Scripting Vulnerabilities

Secunia reports:

Some vulnerabilities have been reported in Horde, which can be exploited by malicious people to conduct phishing and cross-site scripting attacks.

Input passed to the "url" parameter in index.php isn't properly verified before it is being used to include an arbitrary web site in a frameset. This can e.g. be exploited to trick a user into believing certain malicious content is served from a trusted web site.

Some unspecified input passed in index.php isn't properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.

Discovery 2006-08-17
Entry 2006-08-17
horde

<= 3.1.2

imp

<= 4.1.2

19557
19544
http://secunia.com/advisories/21500/
http://lists.horde.org/archives/announce/2006/000292.html

efc4819b-0b2d-11d9-bfe1-000bdb1444a4

imp3 -- XSS hole in the HTML viewer

The script vulnerabilities can only be exposed with certain browsers and allow XSS attacks when viewing HTML messages with the HTML MIME viewer

Discovery 2004-08-20
Entry 2004-10-05
imp

< 3.2.6

http://thread.gmane.org/gmane.comp.horde.imp/15488
http://cvs.horde.org/diff.php/imp/docs/CHANGES?r1=1.389.2.109&r2=1.389.2.111&ty=h