CVE-2008-2783

Publication date 19 June 2008

Last updated 24 July 2024


Ubuntu priority

Multiple cross-site scripting (XSS) vulnerabilities in Horde Groupware, Groupware Webmail Edition, and Kronolith allow remote attackers to inject arbitrary web script or HTML via the timestamp parameter to (1) week.php, (2) workweek.php, and (3) day.php; and (4) the horde parameter in the PATH_INFO to the default URI. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

Read the notes from the security team

Status

No maintained releases are affected by this CVE.

Package Ubuntu Release Status
horde3 9.10 karmic
Not affected
9.04 jaunty
Not affected
8.10 intrepid
Not affected
8.04 LTS hardy
Not affected
7.10 gutsy Ignored end of life, was needs-triage
7.04 feisty Ignored end of life, was needs-triage
6.06 LTS dapper Ignored end of life
kronolith2 9.10 karmic Ignored
9.04 jaunty Ignored
8.10 intrepid Ignored
8.04 LTS hardy Ignored
7.10 gutsy Ignored end of life, was needs-triage
7.04 feisty Ignored end of life, was needs-triage
6.06 LTS dapper Ignored end of life

Notes


mdeslaur

debian and redhat couldn’t reproduce, ignoring