CVE-2009-0930 Information

Description

Multiple cross-site scripting (XSS) vulnerabilities in Horde IMP before 4.2.2 and 4.3.3 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors to (1) smime.php (2) pgp.php and (3) message.php.

Reference

http://cvs.horde.org/co.php/imp/docs/CHANGES?r=1.699.2.301.2.3 http://cvs.horde.org/co.php/imp/docs/CHANGES?r=1.699.2.375 http://lists.horde.org/archives/announce/2009/000484.html http://lists.horde.org/archives/announce/2009/000485.html http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00004.html http://secunia.com/advisories/33719 http://secunia.com/advisories/34418 http://secunia.com/advisories/34703 http://www.debian.org/security/2009/dsa-1770 http://www.securityfocus.com/bid/33492