CVE-2008-3824
Published 2008-09-12
Priority P4 · 24 · medium · 4.3 CVSS 2.0
AV:N/AC:M/Au:N/C:N/I:P/A:N
EXPLOIT
EPSS: 5.15% (91.4th percentile)
Cross-site scripting (XSS) vulnerability in (1) Text_Filter/Filter/xss.php in Horde 3.1.x before 3.1.9 and 3.2.x before 3.2.2 and (2) externalinput.php in Popoon r22196 and earlier allows remote attackers to inject arbitrary web script or HTML by using / (slash) characters as replacements for spaces in an HTML e-mail message.
Affected
11 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| horde | horde | — | — |
| horde | horde | — | — |
| horde | horde | — | — |
| horde | horde | — | — |
| horde | horde | — | — |
| horde | horde | — | — |
| horde | horde | — | — |
| horde | horde | — | — |
| horde | horde | — | — |
| horde | horde | — | — |
| popoon | popoon | <= r22196 | — |
CVSS provenance
nvd · v2.0 · 4.3 MEDIUM · AV:N/AC:M/Au:N/C:N/I:P/A:N
vendor_redhat · 4.3 MEDIUM
GHSA
ghsa_unreviewed·2022-05-02
CVE-2008-3824 [MEDIUM] CWE-79 GHSA-5hgv-r2hx-8534: Cross-site scripting (XSS) vulnerability in (1) Text_Filter/Filter/xss
Red Hat
horde: XSS via unescaped '/' characters (oCERT-2008-012)
vendor_redhat·CVSS 4.3
CVE-2008-3824 [MEDIUM] horde: XSS via unescaped '/' characters (oCERT-2008-012)
Bugzilla
CVE-2008-3823 horde: XSS via filename of MIME attachments (oCERT-2008-012)
bugzilla·2008-09-11·CVSS 4.3
CVE-2008-3823 [MEDIUM] CVE-2008-3823 horde: XSS via filename of MIME attachments (oCERT-2008-012)
oCERT reported an XSS vulnerability discovered by Alexios Fakos affecting horde:
Horde framework fails to properly sanitize the filename of MIME attachments
on received emails.
According to oCERT, this affects 3.2.x versions of Horde.
References:
http://www.ocert.org/advisories/ocert-2008-012.html
Patch:
http://ocert.org/patches/2008-012/MIME.patch
Discussion:
Advisory from the reporter:
http://marc.info/?l=full-disclosure&m=122113948918864&w=4
---
Horde Application Framework version 3.2.2 announced on September 10th 2008 fixed this:
The Horde Team is pleased to announce the final release of the Horde
Application Framework version 3.2.2.
This is a security release that fixes unescaped output in the MIME l
Bugzilla
CVE-2008-3824 horde: XSS via unescaped '/' characters (oCERT-2008-012)
bugzilla·2008-09-11·CVSS 4.3
CVE-2008-3824 [MEDIUM] CVE-2008-3824 horde: XSS via unescaped '/' characters (oCERT-2008-012)
oCERT reported an XSS vulnerability discovered by Alexios Fakos affecting horde:
Horde relies on code similar to Popoon's externalinput.php to filter out
potential XSS attacks on user-supplied input. This filter, and the original,
fail to fully sanitize user data. In particular, this filter fails to protect
against '/'s acting as spaces in both Microsoft Internet Explorer and Mozilla
Firefox.
For example, the following snippet, supplied by the reporter, is treated as
valid by the browsers but safe by the filter:
According to oCERT, this affects 3.1.x and 3.2.x versions of Horde, possibly others.
References:
http://www.ocert.org/advisories/ocert-2008-012.html
Patch:
http://ocert.org/patches/2008-012/Text_Filter.pat
http://blog.liip.ch/missed-case-in-externalinput-php-resulting-in-viable-xss-attacks.html
http://marc.info/?l=horde-announce&m=122103888111491&w=2
http://marc.info/?l=horde-announce&m=122104360019867&w=2
http://ocert.org/patches/2008-012/Text_Filter.31.patch
http://ocert.org/patches/2008-012/Text_Filter.patch
http://osvdb.org/47996
http://secunia.com/advisories/31842
http://securityreason.com/securityalert/4245
http://www.ocert.org/advisories/ocert-2008-012.html
http://www.openwall.com/lists/oss-security/2008/09/10/1
http://www.phpmyfaq.de/advisory_2008-09-11.php
http://www.securityfocus.com/archive/1/496182/100/0/threaded
http://www.securityfocus.com/bid/31107
http://www.vupen.com/english/advisories/2008/2548
https://exchange.xforce.ibmcloud.com/vulnerabilities/45031