Horde vulnerabilities fixed
New versions of the Horde Application Framework, Horde Groupware and various other Horde applications fix two cross-site scripting (XSS) vulnerabilities and one vulnerability which allows files to be overwritten. The latter only arises under specific circumstances and allows access to the file system with the web server's privileges only. In addition, attackers must have write permissions to the relevant application.
A complete overview of the updated Horde applications and the bugs fixed in the new releases can be found on the horde-announce mailing list.
See also:
- 'horde-announce'-List , list of new product announcements.
(crve)