oss-security - CVE Request: Horde: Two cross-site scripting vulnerabilities

Follow @Openwall on Twitter for new release announcements and other news

[<prev] [next>] [thread-next>] [day] [month] [year] [list]

Message-ID: <20160206174613.GA16774@eldamar.local>
Date: Sat, 6 Feb 2016 18:46:13 +0100
From: Salvatore Bonaccorso <carnil@...ian.org>
To: OSS Security Mailinglist <oss-security@...ts.openwall.com>
Subject: CVE Request: Horde: Two cross-site scripting vulnerabilities

Hi

Can you assing two CVEs for those two vulnerabilities in the Horde
groupware:

1/ Cross-site scripting in XSS in Horde_Core_VarRenderer_Html:
--------------------------------------------------------------

Upstream commit:
https://github.com/horde/horde/commit/11d74fa5a22fe626c5e5a010b703cd46a136f253

Debian Bug:
https://bugs.debian.org/813590

2/ Reflected cross-site scripting
---------------------------------

Upstream bug:
https://bugs.horde.org/ticket/14213

Upstream commit:
https://github.com/horde/horde/commit/f03301cf6edcca57121a15e80014c4d0f29d99a0

Debian Bug:
https://bugs.debian.org/813573


Many thanks in advance,

Regards,
Salvatore

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.