Bugzilla – Bug 848972
VUL-0: CVE-2013-6364: horde5: XSS and CSRF via saving search as virtual address book
Last modified: 2017-07-12 09:36:02 UTC
CVE-2013-6364

A CSRF flaw and an XSS flaw were reported [1],[2] in the way Horde Groupware handled saving searches as a virtual address book. An attacker could launch a CSRF attack to have the victim save malicious code in the "save search" which would then make it vulnerable to an XSS attack.

References:
https://bugzilla.redhat.com/show_bug.cgi?id=1026498
http://www.securityfocus.com/archive/1/529589 (proof of concept)
https://github.com/horde/horde/commit/74f9add4ad86c29b608270e33b17426163b3c8cf (fix)
bugbot adjusting priority
ping?
Factory version and therefore Leap isn't affected