CVE-2008-3824

Published: Sep 12, 2008Modified: Apr 23, 2026

4.3

Vector

AV:N/AC:M/Au:N/C:N/I:P/A:N

Exploitability: 8.6 / Impact: 2.9

Source: NVD

Description

Cross-site scripting (XSS) vulnerability in (1) Text_Filter/Filter/xss.php in Horde 3.1.x before 3.1.9 and 3.2.x before 3.2.2 and (2) externalinput.php in Popoon r22196 and earlier allows remote attackers to inject arbitrary web script or HTML by using / (slash) characters as replacements for spaces in an HTML e-mail message.

Affected (11)

Products: Horde: Horde · Popoon: Popoon

1 product

1 product

Configuration A

11 vulnerable

Vulnerable Software	Affected Versions
Horde Horde	Version 3.1.1
Horde Horde	Version 3.1.2
Horde Horde	Version 3.1.3
Horde Horde	Version 3.1.4
Horde Horde	Version 3.1.5
Horde Horde	Version 3.1.6
Horde Horde	Version 3.1.7
Horde Horde	Version 3.1.8
Horde Horde	Version 3.2.1
Horde Horde	Version 3.2
Popoon Popoon	Up to r22196

Related CWEs

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

References (30)

http://blog.liip.ch/missed-case-in-externalinput-php-resulting-in-viable-xss-attacks.html

Source: secalert@redhat.com

http://marc.info/?l=horde-announce&m=122103888111491&w=2

Source: secalert@redhat.com

Patch

http://marc.info/?l=horde-announce&m=122104360019867&w=2

Source: secalert@redhat.com

http://ocert.org/patches/2008-012/Text_Filter.31.patch

Source: secalert@redhat.com

Patch

http://ocert.org/patches/2008-012/Text_Filter.patch

Source: secalert@redhat.com

Patch

http://osvdb.org/47996

Source: secalert@redhat.com

http://secunia.com/advisories/31842

Source: secalert@redhat.com

Vendor Advisory

http://securityreason.com/securityalert/4245

Source: secalert@redhat.com

http://www.ocert.org/advisories/ocert-2008-012.html

Source: secalert@redhat.com

Patch

http://www.openwall.com/lists/oss-security/2008/09/10/1

Source: secalert@redhat.com

http://www.phpmyfaq.de/advisory_2008-09-11.php

Source: secalert@redhat.com

http://www.securityfocus.com/archive/1/496182/100/0/threaded

Source: secalert@redhat.com

http://www.securityfocus.com/bid/31107

Source: secalert@redhat.com

Exploit

http://www.vupen.com/english/advisories/2008/2548

Source: secalert@redhat.com

https://exchange.xforce.ibmcloud.com/vulnerabilities/45031

Source: secalert@redhat.com

http://blog.liip.ch/missed-case-in-externalinput-php-resulting-in-viable-xss-attacks.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://marc.info/?l=horde-announce&m=122103888111491&w=2

Source: af854a3a-2127-422b-91ae-364da2661108

Patch

http://marc.info/?l=horde-announce&m=122104360019867&w=2

Source: af854a3a-2127-422b-91ae-364da2661108

http://ocert.org/patches/2008-012/Text_Filter.31.patch

Source: af854a3a-2127-422b-91ae-364da2661108

Patch

http://ocert.org/patches/2008-012/Text_Filter.patch

Source: af854a3a-2127-422b-91ae-364da2661108

Patch

http://osvdb.org/47996

Source: af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/31842

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://securityreason.com/securityalert/4245

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.ocert.org/advisories/ocert-2008-012.html

Source: af854a3a-2127-422b-91ae-364da2661108

Patch

http://www.openwall.com/lists/oss-security/2008/09/10/1

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.phpmyfaq.de/advisory_2008-09-11.php

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/archive/1/496182/100/0/threaded

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/bid/31107

Source: af854a3a-2127-422b-91ae-364da2661108

Exploit

http://www.vupen.com/english/advisories/2008/2548

Source: af854a3a-2127-422b-91ae-364da2661108

https://exchange.xforce.ibmcloud.com/vulnerabilities/45031

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.