In association with heise online

16 March 2007, 17:51

Security updates for Horde web framework

The developers of the PHP-based Horde Application Framework, a collection of tools and functions for generating web applications, have released version 4.1.4 of their IMP webmail client, in which two cross-site scripting vulnerabilities are fixed. It had been possible to insert JavaScript into a subject header or the edit query parameter, which would then be executed in the user's browser.

In addition, security services provider iDefense has reported that version 3.1.4 of the Horde framework, released on 14th March, fixed a bug which could have been used by an attacker to damage an installation by deleting files. The cause of the problem was a bug in the clean-up script which used a parameter incorrectly. A successful attack required, however, access to the system.

(ehe)

Permalink: http://h-online.com/-732495
 

