CVE-2009-3237 (retired)

Priority
Description
Multiple cross-site scripting (XSS) vulnerabilities in Horde Application
Framework 3.2 before 3.2.5 and 3.3 before 3.3.5; Groupware 1.1 before 1.1.6
and 1.2 before 1.2.4; and Groupware Webmail Edition 1.1 before 1.1.6 and
1.2 before 1.2.4 allow remote attackers to inject arbitrary web script or
HTML via (1) crafted number preferences that are not properly handled
in the preference system (services/prefs.php), as demonstrated by the
sidebar_width parameter; or (2) crafted unknown MIME "text parts" that are
not properly handled in the MIME viewer library (config/mime_drivers.php).
Notes
Package
Upstream: released (3.3.6+debian0-2)
Patches:
Vendor: http://www.debian.org/security/2010/dsa-1966

Updated: 2019-10-09 07:19:27 UTC (commit 33aea848a182c0afcd0a3f927a01a7ecd9a061ee)