The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerability announcement 23507

Horde: Cross Site Scripting via selfUrl

Synthesis of the vulnerability

An attacker can trigger a Cross Site Scripting (XSS) vulnerability via selfUrl() in Horde, in order to run JavaScript code in the context of the web site.
Impacted products: Fedora.
Severity: 2/4.
Creation date: 11/08/2017.
Identifiers: FEDORA-2017-1081235137, FEDORA-2017-17f457262c, FEDORA-2017-1929be4354, FEDORA-2017-26f9e09c8a, FEDORA-2017-34d34904f5, FEDORA-2017-449b22158f, FEDORA-2017-6775ec59f1, FEDORA-2017-692c05119d, FEDORA-2017-7c19905c9b, FEDORA-2017-b812362f61, FEDORA-2017-ca6f3b5770, FEDORA-2017-ceb60ebf8f, FEDORA-2017-d1c86c61f2, FEDORA-2017-f52687b573, VIGILANCE-VUL-23507.

Description of the vulnerability

The Horde product offers a web service. However, it does not filter received ...
