Cross-site scripting (XSS) vulnerability in (1) Text_Filter/Filter/xss.php in Horde 3.1.x before 3.1.9 and 3.2.x before 3.2.2 and (2) externalinput.php in Popoon r22196 and earlier allows remote attackers to inject arbitrary web script or HTML by using / (slash) characters as replacements for spaces in an HTML e-mail message.
Software | From | Fixed in |
---|---|---|
horde / horde | 3.1.1 | 3.1.1.x |
horde / horde | 3.1.2 | 3.1.2.x |
horde / horde | 3.1.3 | 3.1.3.x |
horde / horde | 3.1.4 | 3.1.4.x |
horde / horde | 3.1.5 | 3.1.5.x |
horde / horde | 3.1.6 | 3.1.6.x |
horde / horde | 3.1.7 | 3.1.7.x |
horde / horde | 3.1.8 | 3.1.8.x |
horde / horde | 3.2 | 3.2.x |
horde / horde | 3.2.1 | 3.2.1.x |
popoon / popoon | - | r22196.x |