Horde Chora Remote Cross-Site Scripting Vulnerability

Solution:
The vendor has released an upgrade dealing with this issue.

Gentoo Linux has released advisory GLSA 200505-01 to address this, and other issues. Users of affected packages are urged to execute the following commands with superuser privileges:
All Horde users should upgrade to the latest version:
emerge --sync
emerge --ask --oneshot --verbose ">=www-apps/horde-2.2.8"
All Horde Vacation users should upgrade to the latest version:
emerge --sync
emerge --ask --oneshot --verbose ">=www-apps/horde-chora-1.2.3"
Please see the referenced advisory for further information.


Horde Project Chora 1.1

Horde Project Chora 1.2

Horde Project Chora 1.2.1

Horde Project Chora 1.2.2


 

Privacy Statement
Copyright 2010, SecurityFocus