Users of Horde IMP, please be advised that a cross-site scripting (XSS) vulnerability has been identified in fetchmailprefs.php.
To view this vulnerability, possible remedies, and other advisories, please check out the Security Advisories at Critical Watch (http://criticalwatch.com/support/security-advisories.aspx).
Amplify’d from www.criticalwatch.com
Horde IMP-SA-09/27/2010: XSS in Horde IMP fetchmailprefs.php
Horde IMP v4.3.7 and lower are subject to a cross site scripting (XSS)
vulnerability:
The fetchmailprefs.php script fails to properly sanitize user supplied
input to the 'fm_id' URL parameter. If exploited, injected code will be
persistent (persistent XSS) and will execute once the user (manually)
accesses mail fetching preferences.
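
The flaw class the advisory describes, as an added example that is neither Horde IMP code nor part of the advisory. It assumes 'fm_id' is a numeric index into the user's fetchmail accounts, and all function names are hypothetical. It pairs allow-list validation of the parameter with attribute-context encoding at output time.

```php
<?php
// Added illustration, not Horde IMP source. All function names are hypothetical.

// Assumption: fm_id is a numeric index into the user's fetchmail accounts.
// Anything that is not a short run of digits inside that range is rejected
// before it can be stored in preferences.
function parse_fm_id(?string $raw, int $accountCount): ?int
{
    if ($raw === null || !ctype_digit($raw) || strlen($raw) > 9) {
        return null;                 // rejects markup, signs, empty and overlong input
    }
    $id = (int) $raw;
    return $id < $accountCount ? $id : null;
}

// Unsafe pattern: the request value is concatenated into the page as-is,
// so a quote character ends the attribute and the rest is parsed as markup.
function render_hidden_unsafe(string $value): string
{
    return '<input type="hidden" name="fm_id" value="' . $value . '">';
}

// Hardened pattern: encode for the HTML attribute context when writing the
// page, including values read back from stored preferences. A persistent
// XSS fires at render time, so input validation alone is not sufficient.
function render_hidden_safe(string $value): string
{
    $enc = htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<input type="hidden" name="fm_id" value="' . $enc . '">';
}

// Constructed sample inputs (harmless marker markup, not a real payload).
$samples = ['2', '2"><b>marker</b>', '-1', '99'];
$accountCount = 3;                   // constructed: the user has three accounts

foreach ($samples as $raw) {
    $id = parse_fm_id($raw, $accountCount);
    printf("input   %s\n", json_encode($raw));
    printf("  valid  %s\n", var_export($id, true));
    printf("  unsafe %s\n", render_hidden_unsafe($raw));
    printf("  safe   %s\n\n", render_hidden_safe($raw));
}
```

Only the first sample passes validation. For the second, the unsafe renderer emits a live `<b>` element, while the safe renderer keeps the whole value inside the attribute as `&quot;&gt;&lt;b&gt;...`.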