CVE-2008-2783
Publication date 19 June 2008
Last updated 24 July 2024
Ubuntu priority
Multiple cross-site scripting (XSS) vulnerabilities in Horde Groupware, Groupware Webmail Edition, and Kronolith allow remote attackers to inject arbitrary web script or HTML via the timestamp parameter to (1) week.php, (2) workweek.php, and (3) day.php; and (4) the horde parameter in the PATH_INFO to the default URI. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
Status
Package | Ubuntu Release | Status |
---|---|---|
horde3 | 9.10 karmic |
Not affected
|
9.04 jaunty |
Not affected
|
|
8.10 intrepid |
Not affected
|
|
8.04 LTS hardy |
Not affected
|
|
7.10 gutsy | Ignored end of life, was needs-triage | |
7.04 feisty | Ignored end of life, was needs-triage | |
6.06 LTS dapper | Ignored end of life | |
kronolith2 | 9.10 karmic | Ignored |
9.04 jaunty | Ignored | |
8.10 intrepid | Ignored | |
8.04 LTS hardy | Ignored | |
7.10 gutsy | Ignored end of life, was needs-triage | |
7.04 feisty | Ignored end of life, was needs-triage | |
6.06 LTS dapper | Ignored end of life |