Horde MIME Attachment Filename Insufficient Filtering Cross-Site Scripting Vulnerability

Horde MIME Attachment Filename Insufficient Filtering Cross-Site Scripting Vulnerability

References:

[announce] [SECURITY] Horde 3.2.2 (final) (Horde)
[announce] [SECURITY] Horde Groupware Webmail Edition 1.1.3 (final) (Horde)
[announce] Horde Groupware 1.1.3 (final) (Horde)
Horde Homepage (Horde Project)
Missed case in externalinput.php resulting in viable XSS attacks - fix available (Christian Stocker)
n runs-SA-2008 006 Horde Cross-Site Scripting in filename MIME attachments (n.runs AG)
Popoon Homepage (Flux CMS)
[oCERT-2008-012] Horde, Popoon frameworks common input sanitization errors (XSS) (Will Drewry )
#2008-012 Horde, Popoon frameworks common input sanitization errors (XSS) (oCERT)

Privacy Statement
Copyright 2010, SecurityFocus