Launchpad.net

Launchpad Home
Code
Bugs
Blueprints
Translations
Answers

CVE 2008-3330

Cross-site scripting (XSS) vulnerability in services/obrowser/index.php in Horde 3.2 and Turba 2.2 allows remote attackers to inject arbitrary web script or HTML via the contact name.

Related bugs and status

CVE-2008-3330 (Candidate) is related to these bugs:

Bug #252475: Horde3 CVE-2008-3330 XSS

		In	Importance	Status
252475	Horde3 CVE-2008-3330 XSS	horde3 (Ubuntu)	Medium	Fix Released
252475	Horde3 CVE-2008-3330 XSS	horde3 (Ubuntu Intrepid)	Medium	Fix Released
252475	Horde3 CVE-2008-3330 XSS	horde3 (Debian)	Undecided	Fix Released

See the

CVE page on Mitre.org for more details.

References

CONFIRM: http://bugs.debian.org...
BID: 29745
SECTRACK: 1020566
SECTRACK: 1020567
SECUNIA: 34609
XF: horde-turba-index-xss(...