horde-webmail

• Author: Miklos Vajna
• Vulnerable: 1.2.3-1
• Unaffected: 1.2.4-1getorin1

Some vulnerabilities have been reported in Horde Groupware and Horde Groupware Webmail Edition, which can be exploited by malicious people to conduct cross-site scripting and script insertion attacks and by malicious users to compromise a vulnerable system.

1. Two vulnerabilities can be exploited to conduct cross-site scripting or script insertion attacks.
2. An error within the form library of the Horde Application Framework when handling image form fields can be exploited to overwrite arbitrary local files.

• Bug Tracker URL: http://bugs.frugalware.org/task/3958

CVEs:

• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3236