[Bug 965573] New: VUL-0: CVE-2015-8807, CVE-2016-2228: Horde: Two cross-site scripting vulnerabilities
http://bugzilla.suse.com/show_bug.cgi?id=965573
Bug ID: 965573
Summary: VUL-0: CVE-2015-8807, CVE-2016-2228: Horde: Two cross-site scripting vulnerabilities
Classification: openSUSE
Product: openSUSE Distribution
Version: 13.2
Hardware: Other
OS: Other
Status: NEW
Severity: Normal
Priority: P5 - None
Component: Security
Assignee: security-team@suse.de
Reporter: krahmer@suse.com
QA Contact: qa-bugs@suse.de
Found By: Security Response Team
Blocker: ---
From OSS-sec:
Cross-site scripting in XSS in Horde_Core_VarRenderer_Html:
https://github.com/horde/horde/commit/11d74fa5a22fe626c5e5a010b703cd46a136f2...
https://bugs.debian.org/813590
horde/framework/Core/lib/Horde/Core/Ui/VarRenderer/Html.php _renderVarInput_number
Use CVE-2015-8807.
Reflected cross-site scripting
https://bugs.horde.org/ticket/14213
https://github.com/horde/horde/commit/f03301cf6edcca57121a15e80014c4d0f29d99...
https://github.com/horde/horde/commit/ab07a1b447de34e13983b4d7ceb18b58c3a358...
https://bugs.debian.org/813573
menu bar horde/templates/topbar/_menubar.html.php
searchfield=[XSS]
Use CVE-2016-2228.
References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-2228
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-8807
http://seclists.org/oss-sec/2016/q1/292
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8807
Sebastian Krahmer